Massachusetts Standards for the Protection of Personal Information of Residents of the Commonwealth (201 CMR 17.00)

The Massachusetts Standards for the Protection of Personal Information of Residents of the Commonwealth (201 CMR 17.00) is in effect as of January 1, 2010. This law mandates that personal information (a combination of a name along with a Social Security number, bank account number, or credit card number) be encrypted when stored on portable devices, when transmitted wirelessly, or when transmitted on public networks.

This law affects “persons who own, license, store or maintain personal information” about Massachusetts residents. It requires designating specific staff to maintain a comprehensive information security program and implementing other steps to ensure the ongoing safekeeping of personal information.

This law also specifies that “encrypted” data should use “an algorithmic process in which meaning cannot be assigned without the use of a confidential process or key.”

Smarsh, Inc. assumes no liability for the accuracy or completeness of this information. Please consult with an attorney for specific information on specific rules and regulations and how they apply to your business.

Helpful Links:

.pdf Documentation on Mass.gov
