Alert November 18, 2008

Massachusetts Information Security Rules Effective Date Delayed

The Massachusetts Office of Consumer Affairs and Business Regulation announced that it has delayed the effective date of the state’s new information security rules. Most provisions of the rules will now go into effect on May 1, 2009. The mandatory compliance date for provisions requiring written certification of compliance from third-party service providers and for the encryption of portable electronic devices other than laptops has been extended to January 1, 2010. The rules, which were discussed in the October 7, 2008 Alert, had been scheduled to go into effect on January 1, 2009. Click here for the announcement.