Compliance executives across the nation are increasingly worried that Massachusetts’ troublesome new data privacy law, scheduled to go into effect at the start of 2010, is still a cauldron of unanswered compliance questions.
The law—now embodied as state regulation 201 CMR 17.00—is far more rigorous than any other data privacy rule in the country. It spells out a host of specific pieces of information to be protected and lists specific controls it expects all companies to have, if they want to store information about Massachusetts residents. It sets detailed standards for encryption, password protection, and more.
MacDougall
“In contrast to other ...