We've written previously (e.g., here) about Massachusetts' new data security rules. Briefly, they would have required anyone who owns, stores or maintains the personal data about a resident of Massachusetts who stores data electronically to encrypt the data before transmitting it wirelessly or over a public network. The rules would also have required encryption of data stored on mobile devices. I say "would have" because because their implementation deadline, which had been previously set at May 1, 2009 has been extended till January 1, 2010 (see article here).
Of course, this isn't a big surprise, since regulations having to do with privacy (both strengthening, like the red flag rules and weakening, like Real ID) have a history of getting delayed.