Massachusetts’s new data security regulations, effective March 1, 2010, currently set forth the country’s most stringent requirements for protecting data. Going beyond what other states require, Massachusetts specifies, for example, that covered entities, including exempt organizations, must implement a written information security program and must encrypt personal information that will be transmitted over the Internet or that is kept on laptops and other portable devices. Out-of-state exempt organizations working with Massachusetts residents should determine whether they have to comply with these new regulations.
The Massachusetts data security breach law and proposed regulations have triggered extensive discussions and debate over the past year. The issues and concerns raised resulted in extension of the compliance dates for the law. However, although significant modifications have recently been made under the leadership of the new Undersecretary for Consumer Affairs, Barbara Anthony, substantial compliance…