Massachusetts Data Breach Laws, Regulations, And Responsibilities presented at SOURCE Boston 2009

by Benjamin Jackson

Tags: Security Business

Summary: Massachusetts has taken great leaps regarding data breach notification over the past years. In 2007, the Governor signed the Data Breach Notification Law, which requires businesses and government agencies to notify residents and designated officials when data breaches occur. In 2008, the Governor issued Executive Order 504, which mandates that all confidential information stored by Commonwealth agencies meet approved security guidelines. In 2009, the Massachusetts Office for Consumer Affairs and Business Regulation started enforcing 201 CMR 17.00, titled "Standards for The Protection of Personal Information of Residents of the Commonwealth." This presentation discusses such issues as: How do these new laws and regulations affect entities doing business in the Commonwealth? How effective are they? What situations apply? Who must be notified and when? How is "personal information" defined and classified? And how is the Commonwealth making sure its own store is in order?