The National Conference of State Legislatures has a handy online list of individual state notification laws concerning security breaches. It’s interesting to note that for the most part Massachusetts and Rhode Island statutes read very similar until you reach the penalties and enforcement sections. RI law stipulates “each violation of this chapter is a civil violation for which a penalty of not more than a hundred dollars ($100) per record and not more than twenty-five thousand dollars ($25,000) may be adjudged against a defendant.” The Massachusetts posting is probably out of date and should be referencing the recently enacted 201CMR17 legislation that grants penalty amounts of up to $5000 per record with no stated limitation per breach. Let’s see 200 customer records times $5000 dollars . . .