Ask the Expert

Who is in charge of the Massachusetts data protection law audit?

Our company is in the process of becoming compliant with the Massachusetts Data protection law. What is the audit process for this law, and is there a regular auditing body?

    Requires Free Membership to View

Massachusetts recently passed 17 CMR 201, a new data protection/data breach notification law. After several revisions of the regulation and several delays in the compliance deadline, the rule is currently scheduled to go into effect March 1st of this year.

As of the time of this writing, there is no official proactive auditing process or body for this regulation. Organizations that are required to comply will only be audited if there is an investigation due either to a suspected or known data breach (and even then, an audit is not necessarily going to happen). The Massachusetts Office of Consumer Affairs and Business Regulation (OCABR), which is part of the Secretary of the Commonwealth's office, has built the regulation, but enforcement will fall under the purview of the attorney general's office. The Massachusetts attorney general will be the one to determine whether an organization is in compliance, as well as pursue legal action in the event of non-compliance.

For more information:

This was first published in January 2010

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: