Unfortunately too many small businesses have believed that since they are not financial, not heath care or not educational, that they do not need to harden their networks in accordance with regulations such as SOX, HIPAA and FERPA to name but a few. Much too often unencrypted data is lost or compromised as a result. All networks need to be vigilant and do their part to keep non-public information just that, confidential. It is unfortunate that the State of Washington now has to get involved but apparently that was the only way to get compliance. The PCI DSS standard is easy to achieve, requires common security measures and common sense. I for one think it is overdue. Unfortunately most businesses that will be impacted by this are unaware of the new law. The industry needs to step up notifications as well as help these businesses achieve compliance. Once this is achieved we need to tackle the 10 million unsecured Wi-Fi networks in the United States that are being used to send terrorist messages, spam, child porn and creating a huge problem of identity theft. If we are going to use these devices of convenience, computers and the Internet, we need to be responsible and do our part to not adding to the problem. Kudos Washington State let the other States follow!