The Massachusetts Data Security Law and Regulations

November 2, 2009

On Friday, October 30, 2009, Massachusetts released the final revised version of its data security regulations.  Under the final regulations, Massachusetts will require that by March 1, 2010, all businesses that own, license, receive, store, maintain, process or otherwise access “personal information” about a Massachusetts resident must have in place minimum standards to protect the security, confidentiality and integrity of that information.  This statute has no jurisdictional boundaries and essentially means that every business—regardless of location or size—that maintains “personal information” of a Massachusetts resident will have to comply or risk substantial fines and penalties.

McDermott recently released a White Paper that provides a comprehensive overview of the Massachusetts data security laws and regulations, and details what your business must do to comply by March 1, 2010.  Click here to access the full White Paper.    

What Steps Can Businesses Take Now?
To assist businesses in determining the extent to which they are subject to the Massachusetts requirements, and to help clients chart a course toward compliance, McDermott has prepared a comprehensive Data Security Compliance Manual that is available for license.  The Compliance Manual includes a model written information security program and a compendium of data security policies designed to help clients meet the requirements of the Massachusetts laws.  A copy of the Compliance Manual's table of contents can be found here.  If you are interested in licensing a Compliance Manual, please contact Heather Egan Sussman at +1 617 535 4177 or hsussman@mwe.com.

If your company is in the health care industry and is either a covered entity or business associate under HIPAA, McDermott has prepared similar compliance materials.  A preview of the manual's table of contents for covered entities can be viewed here, and the business associates table of contents can be viewed here.  If you are interested in licensing HIPAA compliance materials, please contact Daniel Gottlieb at +1 312 984 6471 or dgottlieb@mwe.com, or Stephen Bernstein at +1 617 535 4062 or sbernstein@mwe.com.

How Do Businesses Find More Information?
For more information about the Massachusetts data security laws and regulations, click here to listen to a past McDermott webcast on the topic and download program materials focused on Massachusetts data security compliance.  Further information about the Massachusetts data breach requirements and the regulations is also available from the Massachusetts Attorney General’s office and the Massachusetts Office of Consumer Affairs and Business Regulation.

McDermott Will & Emery
