United States: Massachusetts Modifies Its New Information Security Rules For Businesses And Extends The Compliance Deadline Again

The Massachusetts Office of Consumer Affairs and Business Regulation issued a press release on August 17, 2009, extending the deadline for compliance with the state's new information security regulations from January 1, 2010, to March 1, 2010, and updating the regulations to implement a more risk-based approach.

The regulations had required all businesses, regardless of size, that own, license, store or maintain personal information about a resident of Massachusetts to encrypt that information when stored on portable devices or transmitted wirelessly or on public networks, and adopt a comprehensive, written information security program. New language in the regulations now recognizes that the size of a business and the amount of personal information it handles is a factor in the data security plan the business creates. Hence, the regulations were modified so that the safeguards are appropriate to the size, scope and type of business handling the information; the amount of resources available to the business; the amount of stored data; and the need for security and confidentiality of both consumer and employee information.

The regulations were originally scheduled to take effect on January 1, 2009, and were then extended until May 1, 2009, and then January 1, 2010, prior to this latest extension.

If you have any questions regarding these regulations, including how they may affect your company, please contact Sandra A. Jeskie, a member of the Information Technologies and Telecom Practice or the lawyer in the firm with whom you are regularly in contact.

This article is for general information and does not include full legal analysis of the matters presented. It should not be construed or relied upon as legal advice or legal opinion on any specific facts or circumstances. The description of the results of any specific case or transaction contained herein does not mean or suggest that similar results can or could be obtained in any other matter. Each legal matter should be considered to be unique and subject to varying results. The invitation to contact the authors or attorneys in our firm is not a solicitation to provide professional services and should not be construed as a statement as to any availability to perform legal services in any jurisdiction in which such attorney is not permitted to practice.

Duane Morris LLP, a full-service law firm with more than 700 attorneys in 24 offices in the United States and internationally, offers innovative solutions to the legal and business challenges presented by today's evolving global markets.