According to OCABR, you can expect to spend an upfront $3,000 and $500 per month to comply with 201 CMR 17.00
The Office of Consumer Affairs and Business Regulation (OCABR) has published a hypothetical cost for complying with their MA encryption law, 201 CMR 17.00. A lot of it seems to center around encryption:
“These notifications demonstrate, among other things, that wireless transmissions of personal information must be encrypted in order to insure its security; and we have learned from the proliferation of laptop thefts that personal information stored thereon, and on other portable devices, must be encrypted to have meaningful protection.” [My emphasis]
They do note that other tools besides data encryption software are necessary as well (locking file cabinets, for example). The assumption is that such tools have been figured into OCABR’s calculations. In order to make these calculations, they had to set up some assumptions:
1 network server, serving 7 desktops
Network consultant already employed (a business with such a mix of computers usually employs one)
With the above configuration, a business should expect to spend no more than $3,000 in upfront costs, according to the OCABR, “with ongoing technical oversight, monitoring and maintenance that would likely be absorbed within any currently existing technical support program.” You can expect to add $500 per month if a tech support program is not in place already.
Of the $3,000, the initial setup cost would be approximately $2,000, with a computer consultant taking 2 days to set up the appropriate protection (and charging $125 per hour!).
OCABR also notes that this is a maximum limit. I’d have to agree. I don’t know about other aspects of data security, but AlertBoot’s hard disk encryption and file encryption would cost much less and finish the job in 1 day, on average.