The current deadline for complying with the Massachusetts Data Privacy Law is January 1, 2010. Since the law protects personal data of the citizens of the Commonwealth of Massachusetts, its reach extends well beyond the state borders. TechTarget recently held a seminar on 201 CMR 17.
It is tough law to deal with. Even its creators are unsure about what it actually says. At the Compliance Decisions conference, a presenter from the state government overstated the requirements of the law: No easy answers for complying with data protection regulations.
Based on some coverage of the seminar, some interesting items came out.
When it comes to wireless standards: “You have to look at what is considered industry back practices. Specific to a wireless control, don’t go out and look at WEP. Don’t go out and look at WPA. Both of those protocols have been breached. You’ve got to go to WPA2.”
When it comes to compliance and enforcement: “It is true that the attorney general is going to decide what is in compliance or not.”
References:
- No easy answers for complying with data protection regulations by: Scot Petersen for Search Compliance.com
- Mass. officials, compliance officers debate data protection law by Alex Howard for SearchCompliance.com
- Implementing compliance with the Massachusetts data protection act by Alex Howard for SearchCompliance.com
- Podcast with Alex Howard, Gerry Young, CIO of the Massachusetts Office of Consumer Affairs and Business Regulation, and David Murray, General Counsel, on the Massachusetts Data Protection Act