The petition pointed to ongoing efforts in New Jersey, where a similar measure is being implemented but in a much more phased manner over a two-year period, and said that Massachusetts should consider adopting a similar model. In total, the petition listed six areas of concern with the regulations, including the mandatory encryption and data inventorying provisions and what it described as the "overly aggressive compliance date for implementing the standards."

In an interview with Computerworld before the new revisions were announced, Jon Hurst, president of the Retailers Association of Massachusetts, noted that the timing of the regulations is especially unfortunate because of the recession. Given the fact that most companies are in survival mode, it would be difficult for them to implement costly new security measures at the same time, Hurst said.