With the deadline for complying with the Massachusetts identity theft law just six months away, at least one state senator is still seeking changes to that law. In Senate Bill S173, which until now has received little public notice, State Senator Michael Morrissey proposes to make it easier for small businesses to comply, by requiring the state’s regulations to take account of a business’s resources as it requires compliance: "[S]aid department shall create separate regulations for small businesses covered by this chapter that reflect said small businesses unique situation and resources." This type of language is reminiscent of the HIPAA security rules and their scalability for businesses of different sizes.
S173 also addresses the issue of what businesses can do with employees who violate the law, by making it easier to fire them: "A willful violation of this chapter or regulations implementing this chapter, or a written information security plan issued by a person covered by state or federal privacy laws shall provide just cause for the termination of an employee, whether the employee is employed by a private person, public agency or political subdivision of the state."