Information Technology organizations in Massachusetts face an added task - compliance with MA state law 201 CMR 17. What this translates into is ensuring encryption and appropriate privacy controls around personal identifying information. While the law primarily focuses on identifying information such as social security numbers or credit card numbers, savvy IT managers will use this as an opportunity to review identity data in their organizations for general improvements in security and confidentiality. This law was originally slated to go into effect on January 1, 2009. This deadline was later extended to May 1, 2009 (see press release) and in early February, extended again to January 1, 2010 (see press release). Click here to see the amended regulation with the revised deadline.
Helpful Links: