Customer Support: 800-526-4902
 
Sign In Contact Us
Home > Legal Library > Article




Join Matindale-Hubbell Connected


The Massachusetts Data Security Regulations Go Into Effect Next Week: March 1, 2010




by:
Beth I. Z. Boland
Bingham McCutchen LLP - Boston Office

James Grant Snell
Bingham McCutchen LLP - East Palo Alto Office

Maureen Ann Young
Bingham McCutchen LLP - San Francisco Office

 
March 12, 2010

Previously published on February 26, 2010

As previously highlighted in Bingham’s Privacy and Security alerts dated October 31, 2008, November 18, 2008, February 18, 2009, August 19, 2009 and November 5, 2009, the Massachusetts Office of Consumer Affairs and Business Regulation has issued regulations (“Regulations”), codified at 201 CMR 17.00, requiring that persons who “own or license personal information about a resident of the Commonwealth” comply with strict requirements to safeguard such personal information. These new regulations go into effect on Monday, March 1, 2010.

Is YOUR Business Covered by the Regulations?

As we have previously reported, the Regulations require ANY business that “receives, stores, maintains, processes, or otherwise has access to ‘personal information’” (i.e., first name or initial and last name, in conjunction with (1) social security number, (2) driver’s license or state-issued identification number, or (3) financial account or credit/debit card number) about a resident of Massachusetts to:

  • Establish a comprehensive information security program with “up-to-date” firewall protection and identify and assess reasonably foreseeable internal and external risks to all systems that hold personal information of Massachusetts residents;
  • Ensure that the safeguards of any information security program be “consistent with” similar safeguards imposed by any applicable state or federal law;
  • Encrypt all wirelessly transmitted data and documents containing personal information sent over the Internet or saved on laptops or flash drives; and
  • Take “reasonable steps” to select and retain third-party vendors that have the capacity to maintain appropriate security measures for personal information and contractually require such vendors to maintain such safeguards.

If you have any questions or concerns as to whether your business complies with these Regulations, please contact one of the lawyers listed below to receive a copy of Bingham’s “Practical Guide to Complying With the New Massachusetts Data Security Regulations.”



 

The views expressed in this document are solely the views of the author and not Martindale-Hubbell. This document is intended for informational purposes only and is not legal advice or a substitute for consultation with a licensed legal professional in a particular case or circumstance.
 

View More Library Documents By...

 
Bingham McCutchen LLP
 
Boston Office
East Palo Alto Office
San Francisco Office
San Francisco Office
Practice Area
 
Business Law
Government
 
Bingham McCutchen LLP Overview


 

Practice Area Resource Centers
Visit our Practice Area Resource Centers to view practice area specific content compiled from a variety of legal sources. Find related articles, podcasts, industry leader insights and much more. We currently offer the following Practice Areas: Litigation; Intellectual Property; Real Estate; Corporate Law; Criminal Law; Bankruptcy; Immigration; Business Law; Insurance; Taxation; Labor & Employment; Commercial Law; Medical Malpractice; Trusts & Estates; Securities; International Law ; Health Care; Environmental Law; Construction Law; Workers' Compensation

Printer Friendly Version
Featured Services
About Us
LexisNexis© Digital Network
Follow Us

Terms & Conditions | Privacy | Copyright © 2012 LexisNexis, a division of Reed Elsevier Inc. All rights reserved.