Protecting Personal Information - New Law Affects Virtually Every Business in the Commonwealth

August 17, 2009

The state of the security of personal information is changing drastically, and the law is evolving accordingly. In August of 2007, a new law was signed by Governor Patrick relative to consumer data breaches. In accordance with the legislation, the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) issued comprehensive regulations designed to strictly regulate people and entities that, as a result of their operations, store or maintain personal information of a Massachusetts resident. This law affects virtually every business in MA.

Originally the deadline for compliance was January 1, 2009, but as a result of significant pushback from impacted businesses, the deadline was initially extended to May 1, 2009, and again to January 1, 2010. This is when your company must comply with strict new guidelines relative to how you protect and store consumers’ personal information. The implications upon service providers, professionals, and most certainly business owners, are significant.

By way of background, the movement to regulate personal information maintained by businesses is prompted in part by the rash of breaches in security over recent years, most notably in 2007 with the high profiled breach at TJX Company.

You may read more at the link below.

by: Jeffrey I. Fialky

August 17, 2009

Download the full PDF version: