Skip to main content

Massachusetts Attorney General proposes privacy regulations to apply to her office

Written by Cynthia and Elissa

An oft-cited criticism of the Massachusetts data security regulations (201 CMR 17.00), effective March 1, 2010, is that the regulations specifically do not apply to government entities -- the only reason being that the Office of Consumer Affairs and Business Regulation does not have the authority or jurisdiction to enact regulations over governmental entities in Massachusetts.

One agency is seeking to correct that. The Massachusetts Office of the Attorney General has released draft privacy regulations to apply to the AG’s office, effective December 31, 2009. The regulations mirror the obligations imposed upon private business by 201 CMR 17.00.

This post would not be complete if we did not also take note of the fact that Attorney General Martha Coakley is a candidate for the U.S. Senate seat left vacant by the death of Senator Edward Kennedy.

Subscribe To Viewpoints


Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.