For the second time in four months, the Commonwealth of Massachusetts has pushed back the implementation of its new data protection law – one of the toughest in the nation. Yet even with the new deadline of January 2010, many of the businesses impacted by these stringent data protection requirements won’t be compliant, say industry experts familiar with the new regulation. The regulation is described by many as the nation’s most cumbersome data security regulation. It will require all entities that license, store or maintain personal information about a Massachusetts resident to implement a comprehensive information security program — even if the business or entity does not have offices in the state.