The Massachusetts of Consumer Affairs and Business Regulation has provided guidance regarding its new regulations requiring all entities that own, license, store or maintain personal information about a resident of the Commonwealth of Massachusetts to develop, implement and maintain a comprehensive written information security program and make specific computer information security requirements. The regulations, which have a January 1, 2009 compliance date, are discussed in detail in a Goodwin Procter Client Alert available here.
The newly issued guidance consists of the following:
-
Frequently Asked Questions – available at http://www.mass.gov/Eoca/docs/idtheft/idbreachfaqs.pdf
-
Small Business Guide for Formulating a Comprehensive Written Information Security Program ‑ available at http://www.mass.gov/Eoca/docs/idtheft/sec_plan_smallbiz_guide.pdf
-
Compliance Checklist ‑ available at http://www.mass.gov/Eoca/docs/idtheft/compliance_checklist.pdf