Bingham

Bingham

The Massachusetts Data Security Regulations Go Into Effect Next Week: March 1, 2010

Feb. 26, 2010

As previously highlighted in Bingham’s Privacy and Security alerts dated October 31, 2008, November 18, 2008, February 18, 2009August 19, 2009 and November 5, 2009, the Massachusetts Office of Consumer Affairs and Business Regulation has issued regulations (“Regulations”), codified at 201 CMR 17.00, requiring that persons who “own or license personal information about a resident of the Commonwealth” comply with strict requirements to safeguard such personal information. These new regulations go into effect on Monday, March 1, 2010.

Is YOUR Business Covered by the Regulations?

As we have previously reported, the Regulations require ANY business that “receives, stores, maintains, processes, or otherwise has access to ‘personal information’” (i.e., first name or initial and last name, in conjunction with (1) social security number, (2) driver’s license or state-issued identification number, or (3) financial account or credit/debit card number) about a resident of Massachusetts to:

  • Establish a comprehensive information security program with “up-to-date” firewall protection and identify and assess reasonably foreseeable internal and external risks to all systems that hold personal information of Massachusetts residents;
  • Ensure that the safeguards of any information security program be “consistent with” similar safeguards imposed by any applicable state or federal law;
  • Encrypt all wirelessly transmitted data and documents containing personal information sent over the Internet or saved on laptops or flash drives; and
  • Take “reasonable steps” to select and retain third-party vendors that have the capacity to maintain appropriate security measures for personal information and contractually require such vendors to maintain such safeguards.

If you have any questions or concerns as to whether your business complies with these Regulations, please contact one of the lawyers listed below to receive a copy of Bingham’s “Practical Guide to Complying With the New Massachusetts Data Security Regulations.”

To review the full text of the Regulations, click here.

Bingham’s Privacy and Security Group helps companies in a broad range of industries comply with a complex array of data protection and privacy laws, regulations and standards. We have successfully handled numerous major data breach matters in a variety of jurisdictions. 

Authored by: Kristen E. Ferris

Circular 230 Disclosure: Internal Revenue Service regulations provide that, for the purpose of avoiding certain penalties under the Internal Revenue Code, taxpayers may rely only on opinions of counsel that meet specific requirements set forth in the regulations, including a requirement that such opinions contain extensive factual and legal discussion and analysis. Any tax advice that may be contained herein does not constitute an opinion that meets the requirements of the regulations. Any such tax advice therefore cannot be used, and was not intended or written to be used, for the purpose of avoiding any federal tax penalties that the Internal Revenue Service may attempt to impose.

Back To Top

Legal insight. Business instinct. Global intelligence. ®