The law, which is believed to be the first of its kind anywhere in the country, applies to all commercial businesses that collect customer information, such as Social Security numbers, credit card or bank account information, and that also have a wireless network. Also covered by the law are businesses that offer public Internet access.

The mandate was introduced as a measure to protect consumers against identity theft and other types of computer fraud, according to a statement posted on the county's Web site. "We know there are many unsecured wireless networks out there, and any malicious individual with even minimal technical competence would have no trouble accessing information that should be kept confidential," County Executive Andy Spano said in the statement.

When the law was proposed last fall, a team from the county's IT department drove through downtown White Plains using a laptop equipped with easily available software to detect 248 wireless hot spots, out of which 120 lacked any visible security.

"It would be nice if these businesses took the necessary steps on their own to ensure their networks were kept secure, but the sad fact is that many don't. That's why we're taking it one step further and making it a law," Spano said.

Businesses that collect, store and use personal information have 180 days to comply with the law, which requires them to implement measures such as installing a network firewall, changing the systems SSID or network name and disabling SSID broadcasting. All of this can be "achieved with minimal effort and little or no additional cost to the system operator," the statement said.