The New Massachusetts Data Security Requirements: Additional Obligations or More of the Same?
Employee Benefit News
7/24/2009
Legal requirements to protect and secure the personal information of individuals are increasing in number and in scope. Effective Jan. 1, 2010, any business that "owns, licenses, maintains or stores" the "personal information of a Massachusetts resident" is required to develop a written information security plan and establish a security system that will protect the personal information in transit (across public networks, such as the Internet) or at rest (in storage, or portable devices, or on hard drives).
In this article, published on July 24, 2009 in Employee Benefit News, Mintz Levin attorney Cynthia Larose provides an outline of the data security requirements and a comparison to HIPAA/ARRA. Additionally, she details her recommendations for compliance and the penalties that companies could face if they fail to meet the standards.
Click here to read the article in full.
