An aggressive new data protection law went into effect on March 1, 2010. Massachusetts 201 CMR 17 requires companies to employ specific controls to protect the personal information of Massachusetts' residents.
This law has a bevy of specific administrative and technical controls, but what makes 201 CMR 17 stand out from other state data privacy laws is its preventive and prescriptive nature. In order to help you wrap your brain around this extensive new law, SearchSecurity.com offers its best resources on 201 CMR 17. Read on to get an in-depth look at the Massachusetts data protection law.
New data protection laws
In this Information Security magazine feature, Richard Mackey Jr. of SystemExperts describes Massachusetts 201 CMR 17, but also discusses the similar Nevada state data protection law. Mackey covers both the technical and administrative requirements of the law, as well as how to build an effective data protection program in the enterprise.
MA 201 CMR 17 enforcement less likely with prompt reporting, cooperation
Curious about how the data protection law will be enforced? Senior Site Editor Eric B. Parizo recently attended the Massachusetts Information Security Summit (MassISS), and he provides an inside look at how Massachusetts government officials plan on bringing enforcement action upon organizations that experience a data breach.
Encrypt now to meet new Mass. data protection law
Security expert Ed Moyle provides commentary on one important technical aspect of complying with MA 201 CMR 17.
Interpreting "risk" in the Massachusetts data protection law
David Navetta, a founding partner of the Information Law Group, interprets the risk-based language contained in the data protection law. Find out exactly how to weigh the outlined risk-based factors and how to resolve the ambiguities of "risk" in the law.
New Massachusetts data protection law mandates IT compliance
In this podcast, hosted by sister site SearchCompliance.com, Gerry Young, the CIO of Massachusetts Office of Consumer Affairs and David Murray, general counsel at the same office, discuss what prompted the legislation in the first place, how organizations can create the required written information security program, and whether or not there will be a certification process related to the law.
This was first published in March 2010