Tuesday, December 8, 2009

Massachusetts 201 CMR 17.00 - Deadline extended

201 CMR 17.00 is a Massachusetts data protection law managed by the ‘Office of Consumer Affairs and Business Regulation’ (OCABR). It contains the ‘Standards for the Protection of Personal Information of Residents of the Commonwealth’. The provisions of this regulation apply to all who own, store, license or maintain any personal information about a resident of the Commonwealth. This regulation is established to safeguard the personal information contained in paper and electronic records. Its other purposes can be to:

• Maintain the security and confidentiality of personal information in a manner that is consistent with industry standards.
• Protect against threats or hazards to the security or integrity of such information.
• Protect against unauthorized access to personal information.

The law was supposed to go into effect on January 1, 2009, but because of changes being made for the new version, it has been postponed to May 1, 2010. Additional time has also been granted to business people to comply with the ‘Identity Theft Preventive Regulations’. Identification of fraud and theft will be easier after the implementation of this law. This law is basically for retailers and businesses involved in commerce, as they are the ones who store and use personal information of residents of the Commonwealth. If any personal information of a Massachusetts resident is leaked or misused, serious action could be taken against the business and the people associated with it.

According to the regulation, companies involved in commerce are required to maintain a written security plan to safeguard the personal information of the residents of Massachusetts. The following points will be considered to see whether the information security program is in compliance with the regulations:
• Size, scope and type of business of the person obliged to protect the personal information.
• Amount of resources available to such persons.
• Amount of stored data.
• Need for security and confidentiality of personal information of the residents.

To find more information about this protection law, you can visit the following websites:

http://www.mass.gov/pageID=ocaterminal&L=4&L0=Home&L1=Consumer&L2=Privacy&L3=Identity+Theft&sid=Eoca&b=terminalcontent&f=reg201cmr17&csid=Eoca

http://www.mass.gov/Eoca/docs/idtheft/compliance_checklist.pdf


Brian Kingsley – Director of Technical Services
