Massachusetts information security regulations took effect on March 1, 2010. In approximately five weeks, covered companies face a compliance deadline relating to their third party service provider contracts.
On December 8, the House of Representatives by voice vote passed H.R. 2221, entitled the “Data Accountability and Trust Act,” which would require all organizations engaged in interstate commerce that manage or contract another to manage electronic data containing personal information to comply with a comprehensive set of standards designed to protect that information from unnecessary disclosure and to prevent identity theft and other fraud. Th eBill now heads to the Senate where passage this year is unlikely, but where consideration next year is expected.
The August 17, 2009 revisions of the Standards for the Protection of Personal Information of Residents of the Commonwealth of Massachusetts (“Massachusetts Standards”) were accompanied by reassurances that the changes were designed to create a more flexible regulatory framework that would ease the burdens on business while protecting the public interests. However, the revisions also include […]
On August 17, 2009, the Massachusetts Office of Consumer Affairs and Business Regulation (“OCABR”) issued a second set of revisions to the Standards for the Protection of Personal Information of Residents of the Commonwealth (“Massachusetts Standards”), 201 CMR 17.00. In support of the revisions, the OCABR also issued Frequently Asked Questions (“FAQs”) to clarify the regulators’ views […]