Businesses that have not adopted written information security programs to comply with the Massachusetts information security regulations have little more than a week to wrap up their compliance efforts. Monday, March 1, 2010 is the deadline set by the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) for businesses around the world that handle the personal information of Massachusetts residents to comply with the strict Massachusetts regulations.
The Massachusetts identity theft regulations, 201 Code of Massachusetts Regulations 17.00, apply to any individual, company or organization that handles personal information in connection with employment or the sale of goods or services. "Personal information" includes name of Massachusetts residents in combination with Social Security numbers, state driver's license numbers, identification card numbers or financial account numbers. If your business collects or maintains personal information, you must come into compliance with the regulations by the March 1st deadline.
To comply with the regulations, affected businesses are required to adopt a comprehensive, written information security program that adopts reasonable security measures to safeguard personal information. While a compliant program should be appropriate to the size of the company and the amount of personal information at issue, the regulations contain a number of specific requirements such as encrypting personal information sent in emails, stored on laptops or mobile devices, and making sure that company anti-virus software is up-to-date.
Foley Hoag's Security & Privacy Practice Group has been actively assisting clients developing information security programs to comply with the Massachusetts regulations, as well as other federal, state and international laws regarding information security and identity theft. The Firm's information security attorneys have developed a series of guides and materials to help clients quickly comply with these rules that may be found at the Foley Hoag Web site (foleyhoag.com/Services/Security-and-Privacy/publications.aspx).
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.