Alerts and Updates

Massachusetts Extends Compliance Deadline Again for New Information Security Rules Applying to Unsuspecting Businesses

March 5, 2009

The Massachusetts Office of Consumer Affairs and Business Regulation has extended the deadline for compliance with the state's new information security regulations from May 1, 2009, to January 1, 2010. The regulations require all businesses that own, license, store or maintain personal information about a resident of Massachusetts to encrypt that information when stored on portable devices or transmitted wirelessly or on public networks, and adopt a comprehensive, written information security program.

The regulations had originally been scheduled to take effect on January 1, 2009. The recent turmoil in the business world, along with the business community's increased understanding of what the law requires, led to the extended deadline.

For Further Information

Please see our previous Alerts on the topic and on the "Red Flag" Rules.

"Red Flag" Identity Theft Rules Apply to Unsuspecting Businesses; FTC Extends Compliance Deadline

"Red Flag" Rules May Snare Unsuspecting Businesses

Feds Force Businesses to Implement Identity Theft Prevention Measures by Fall 2008

If you have any questions regarding these regulations, including how they may affect your company, please contact a member of the Information Technologies and Telecom Practice Group or the lawyer in the firm with whom you are regularly in contact.

Disclaimer: This Alert has been prepared and published for informational purposes only and is not offered, nor should be construed, as legal advice. For more information, please see the firm's full disclaimer.