New Massachusetts Regulations for the Protection Of Personal Information

Newly adopted Massachusetts regulations could have a serious impact on local businesses that store the personal information of their customers. Scheduled to take effect on January 1, 2010, 210 CMR 17.00 implements the provisions of M.G.L. Chapter 93H relative to those persons who own, license, store or maintain the personal information of residents of the Commonwealth of Massachusetts. What does that mean? If you are an individual or business entity that has the personal information of a resident of the State of Massachusetts in your possession, you must do all that you can to protect such personal information.

So what constitutes personal information? According to the new regulations, personal information is defined as a person's first and last name, or first initial and last name, in combination with any of the following: 1) Social Security number; 2) driver's license number or state-issued identification card number; 3) financial account number, or credit or debit card number, with or without any required security code, personal identification number or password, that would permit access to a resident's financial account. Personal information does not include any information that is readily available and can be lawfully obtained through public records, whether federal, state or local records.

Pursuant to the new regulations, it is up to the individual or business that maintains or uses this personal information to develop standards to protect such information from winding up in the wrong hands. Each individual or business entity must design a protection program that is current with industry standards. This includes, but is not limited to, administrative, technical and physical safeguards to ensure that the security and confidentiality of said records are not breached. The specifics on what needs to be done, and how records are to be maintained, are not defined in this article, but they are relative to the size and sophistication of the individual or company. The details can be found in a closer examination of the regulations (210 CMR 17.00). In addition, there are more specific standards for computer systems which store personal information.

Any individual or company found to have violated these regulations is subject to prosecution by the Attorney General under M.G.L. Ch. 93A § 4. To avoid liability, those entrusted with the personal information of others should carefully read the new regulations and consult an attorney with any questions they may have about exposure and/or violations of the new regulations.

By: Joseph W. Jussaume, Esq.

Eno, Boulay, Martin & Donahue, LLP