Massachusetts 201 CMR 17.00 covers Standards for The Protection of Personal Information of Residents of the Commonwealth, with specific provisions for computer security. If a business does not comply with the CMR 17.00 regulation, that company can be found professionally negligent. If they are not compliant and a verdict is awarded, insurance will not cover the loss. This can easily put a business into bankruptcy.
Does this law apply to you and your business? If so, watch out.
Very few businesses are even aware of this law that began its implementation phase on March 1st, 2010 – and this regulation promises to add time and expense to your business operations.
This new law applies to your business if you electronically store a single Massachusetts resident’s last name and first name on a computer as well as any one of the following pieces if information:
- Social Security number
- Driver’s license number
- State Issued I.D.Card number
- Financial account number (credit card or debit card); or an access code that would allow you to access that person’s financial information.
We want to help! Here are links to current Massachusetts documents:
201 CMR 17.00: Standards for the Protection of Personal Information of MA Residents (10/19/2017)
201 CMR 17.00 COMPLIANCE CHECKLIST – The Office of Consumer Affairs and Business Regulation has compiled this checklist to help
small businesses in their effort to comply with 201 CMR 17.00. (Dated Nov 15, 2018)