Back in May, I wrote about the Commonwealth of Massachusetts’ kick ass new data protection law, which looked like it could really encourage companies doing business in the state to pay more attention to the security of customer information. Well, since the law’s passage, there has not been any enforcement action in connection with it, and the MA Attorney General has not issued any guidance for companies as to how to comply with the law’s provisions. This my be about to change, however, thanks to a recently reported breach of the credit card numbers and personal information of 1800 MA residents (amongst a total of 110,000 records stolen) resulting from a hack of the web server of New York City based CitySights (a tour bus operator). I really hope that MA throws the proverbial book at these guys. For one thing, they violated both PCI standards and common sense by storing credit card CVV2 codes with the associated credit card numbers. More importantly, they consistently mistake me for a tourist as I walk around midtown and try to sell me tour bus tickets. Do I look like a freakin tourist???