Q

Who is in charge of the Massachusetts data protection law audit?

Learn more about the process of data protection audits for the Massachusetts data protection law.

Our company is in the process of becoming compliant with the Massachusetts Data protection law. What is the audit process for this law, and is there a regular auditing body?

Massachusetts recently passed 17 CMR 201, a new data protection/data breach notification law. After several revisions

of the regulation and several delays in the compliance deadline, the rule is currently scheduled to go into effect March 1st of this year.

As of the time of this writing, there is no official proactive auditing process or body for this regulation. Organizations that are required to comply will only be audited if there is an investigation due either to a suspected or known data breach (and even then, an audit is not necessarily going to happen). The Massachusetts Office of Consumer Affairs and Business Regulation (OCABR), which is part of the Secretary of the Commonwealth's office, has built the regulation, but enforcement will fall under the purview of the attorney general's office. The Massachusetts attorney general will be the one to determine whether an organization is in compliance, as well as pursue legal action in the event of non-compliance.

For more information:

This was first published in January 2010

Dig deeper on IT Security Audits

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close