In 2007, the Legislature passed a comprehensive set of laws addressing data breaches. Under that law are a set of regulations that affect any business that collects and retains personal information of its customers. For the purpose of these regulations, "personal information" includes names, social security numbers, driver's license numbers or financial account numbers, including credit or debit card numbers.

On February 12, 2009, the Office of Consumer Affairs and Business Regulation filed final regulations that will protect personal information of residents of the Commonwealth.

These regulations may have significant implications for the businesses who are governed by them and the AGO is committed to working with the business community as the effective date of the regulations. The regulations will take effect January 1, 2010, and mandate that personal information - a combination of a name along with a Social Security number, bank account number, or credit card number - be encrypted when stored on portable devices, or transmitted wirelessly or on public networks. Additionally, the regulations call on businesses to utilize up-to-date firewall protection that creates an electronic gatekeeper between the data and the outside world and only permits authorized users to access or transmit data, according to preset rules.

For more information, visit the Office of Consumer Affairs and Business Regulation website .

To view the regulations: