The standard for data security is rising since the Massachusetts data privacy law took effect on March 1. And security firms are finding the costs of compliance are higher than anticipated. For instance:

Sophos Plc, a $260 million data security software company with dual headquarters in Burlington and the U.K., has seen a change in enterprise customers' perceptions of what it means to protect sensitive data, said chief marketing officer Rainer Gawlick. "They see the writing on the wall. Massachusetts isn't the only state where this is happening. It's become almost received wisdom and part of good clean corporate governance and operations

Mass High Tech says Sophos' new investors intend to add staff and seek acquisitions as "threat complexity increases and the industry becomes 'consumerized.'"

However, at the same time enterprise customers have their eye on such emerging data security needs, Sophos' small to midsize business customers are finding it hard to afford the basic encryption demanded by Massachusetts' new law, said Sophos vice president of corporate strategy Arabella Hallawell.

Because of the new law, companies are housecleaning old data they've amassed. That's providing opportunities for developers who can design good data management software.

 -- Sonia R. Lelii