Massachusetts Office of Consumer Affairs and Business Regulation Issues Regulations Governing Protection of Consumer Information

Massachusetts has joined the growing list of states that are requiring businesses to encrypt and secure personal data. On May 1, 2009, new regulations will take effect that apply to all “persons who own, license, store or maintain personal information about a resident of the Commonwealth of Massachusetts.” Prior to May 1, 2009, steps must be taken by such persons to protect sensitive personal information.

The regulations define “personal information” as a Massachusetts resident’s first and last name, or first initial and last name, when found in combination with one or more of the following data elements: Social Security number, driver’s license number, state-issued identification card number, financial account number, or credit or debit card number. Excluded from the definition of personal information is information lawfully obtained from publicly available information or from government records lawfully made available to the general public.

For the full story, please view the PDF.