Alerts and Updates
Massachusetts Extends Compliance Deadline on New Information Security Rules Applying to Unsuspecting Businesses
November 18, 2008
The Massachusetts Office of Consumer Affairs and Business Regulation has extended the deadline for compliance with the state's new information security regulations from January 1, 2009, to May 1, 2009. The regulations require all businesses that own, license, store or maintain personal information about a resident of Massachusetts to adopt a comprehensive, written information security program. The security program must include a computer security system that encrypts all records and files containing personal information, including all employee and consumer information.
The Massachusetts regulator has extended the deadline to accommodate businesses that may be experiencing financial challenges brought on by recent economic conditions. The new Massachusetts compliance coincides with the FTC's extended compliance date for the "Red Flag" information security and identity theft rules.
For Further Information
Please see our previous Alerts on the topic and on the "Red Flag" Rules.
If you have any questions regarding these regulations, including how they may affect your company, please contact a member of the Information Technologies and Telecom Practice Group or the lawyer in the firm with whom you are regularly in contact.
Disclaimer: This Alert has been prepared and published for informational purposes only and is not offered, nor should be construed, as legal advice. For more information, please see the firm's full disclaimer.