Posted by: RAPV | March 1, 2010

New Privacy Act: What you need to know

Effective today, March 1, 2010, Massachusetts has implemented new data security regulations. The regulations, commonly known as the Privacy Act (201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth), apply to any person or business that collects, owns or licenses personal information about a resident of the Commonwealth, including employees. The regulations require businesses to form a written information security program (WISP) based on the business size, scope and available resources.

Your local association encourages you to assign a member of your team/staff to be the data security coordinator. That staff member should read through all of the information we have provided and immediately begin drafting a WISP. Click this link for a sample WISP. We recommend using the sample as a base and adding specific information to tailor the document to your business.

First, take inventory of what information you collect in order to develop your WISP and remain in compliance. Also, review all forms and information that are collected from consumers to make sure that no unnecessary information is collected by your business.

Your WISP must identify the measures that will be taken to safeguard both electronic and hardcopy files. The WISP must “specify reasonable restrictions upon physical access to records containing personal information and storage of such records in locked facilities and storage containers.” Electronic files must be encrypted in cases where encryption is “technically feasible”. Your WISP must be in writing.

You must also notify the Massachusetts Office of Consumer Affairs and Business Regulations and the Attorney General if there is a security breach within your business.

For more information, see the links below:
MAR’s Privacy Act Webinar
Compliance Checklist
Governor’s Office Press Release

The MAR Legal Hotline is also available as a legal resource. Access the Hotline by calling 800-370-LEGAL (5342) or by sending an e-mail to

