new Massachusetts personal info requirements
Thursday, September 25th, 2008Networks Unlimited just sent out a note (thanks!) about the Mass Office of Consumer Affairs’ new
Standards for The Protection of Personal Information of Residents of the Commonwealth, aka 201 CMR 17.00: M.G.L. c. 93H. It outlines the responsibilities of anyone who gathers personal information on Mass residents. At a glance, they look pretty reasonable. From the intro:
Every person that owns, licenses, stores or maintains personal information about a resident of the Commonwealth shall develop, implement, maintain and monitor a comprehensive, written information security program applicable to any records containing such personal information.
It’ll be interesting to sit down with this & see how our policies & procedures match up.