March 1 is the compliance deadline for the Massachusetts Data Privacy Law. 201 CMR 17.00 requires you to be in full compliance on or before January 1, 2009 January 1, 2010 March 1, 2010.
If your company receives, stores, maintains, processes or otherwise has access to “personal information” acquired in connection with employment or with the provision of goods or services to a Massachusetts resident you are subject to the requirements of 201 CMR 17.00.
If you have employees or customers in the Commonwealth of Massachusetts, then you are subject to this law. The law is not restricted to companies located in Massachusetts. But if you are located in Massachusetts then you have Massachusetts employees and their personal information, making you subject to the requirements of the law.
The law is a bit watered down since its initial form, but you still need to pay attention to it. There are some reasonableness standards in the requirements that make it easier to comply. You still need a policy, need to inventory your stores of “personal information” and educate your employees about the importance of safeguarding personal information.
The Office of Consumer Affairs and Regulation has published a handy 201 CMR 17.00 Compliance Checklist (.pdf).
You should also review and be familiar with the law itself contained in 201 CMR 17.00 Standards for the Protection of Personal Information (.pdf).
Since today is March 1, you still have a few hours to get things in place to be compliant with the law. If you haven’t done taken the proper steps, stop reading and go do it.
Previous Posts: