The floodgates of guidance about Massachusetts’ new data privacy regulations are officially open.
The new rules, bureaucratically known as 201 CMR 17.00, took effect March 1 and are widely considered to be the toughest privacy standard in the nation. They apply to any company that “owns or licenses” personal information—whether stored in electronic or paper form—about Massachusetts residents. The law defines personal information as a person’s first and last name, or first initial and last name in combination with any of the following: Social Security Number; driver’s license or state-issued identification numbers; financial account numbers; and credit or debit card numbers.
