Skip to content
DWT logo
People Services Insights
About Offices Careers
Search
People
Services
Insights
About
Offices
Careers
Search
Advisories
Privacy & Security

Businesses Given More Time to Comply with New Massachusetts Data Security Regulations

By Randy Gainer and John D. Seiver
June 2009
Share
Print this page

In a press release issued Nov. 14, 2008, the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) extended the deadline for complying with its new regulations specifying how businesses must protect personal information about Massachusetts residents.

As we described in our September 2008 advisory, the regulations, 201 CMR 17.00, require businesses that store or process information about Massachusetts residents to encrypt documents sent over wireless networks and the Internet, to encrypt documents stored on laptops and other devices, to use firewalls and other security measures to protect the data, and to ensure that their service providers have the capacity to keep the data secure. The regulations had been scheduled to take effect Jan. 1, 2009.

Businesses have reported difficulty meeting the deadlines to encrypt information and to verify the capacity of their service providers to keep all information about Massachusetts residents secure.

The Massachusetts OCABR extended the deadline to comply with the regulations generally to May 1, 2009, the same (extended) effective date for the Federal Trade Commission's identity theft “Red Flag” rules. OCABR extended the deadline to encrypt data on PDAs, USB drives, and similar devices other than laptops to Jan. 1, 2010. OCABR also delayed to Jan. 1, 2010 the deadline for businesses to obtain written certification from their service providers that the service providers will protect information about Massachusetts residents in accordance with the new rules.

We are available to provide further information about the Massachusetts regulations, OCABR's postponement of the deadlines, or identity theft rules and issues generally.

Related Articles

2025
Feature
Financial Services
New Administration Outlook: Helping You Navigate Post-Election Uncertainty in 2025 and Beyond Read More External Link
03.25.25
Publications
Artificial Intelligence
Co-author, "Privacy Law Issues for Developers and Deployers of Generative Artificial Intelligence," LexisNexis Read More External Link
02.27.25
Webinars
Privacy & Security
"Securing Americans' Sensitive Data: Understanding the DOJ's New Final Rule," Davis Wright Tremaine Webinar Read More
DWT logo
©1996-2025 Davis Wright Tremaine LLP. ALL RIGHTS RESERVED. Attorney Advertising. Not intended as legal advice. Prior results do not guarantee a similar outcome.
Media Kit Affiliations Legal notices
Privacy policy Employees DWT Collaborate EEO
SUBSCRIBE
©1996-2025 Davis Wright Tremaine LLP. ALL RIGHTS RESERVED. Attorney Advertising. Not intended as legal advice. Prior results do not guarantee a similar outcome.