Massachusetts sweeping data security regulations went into effect on March 1st. The regulations which are intended to provide “minimum standards” for safeguarding personal information for any businesses that own or sell personal data of Massachusetts residents. Personal data is defined as per the table below:
Companies possessing such data must develop and monitor a comprehensive written “Information Security Program,” designate an employee to be responsible for the Information Security Program,, implement training, establish policies regarding access to the data, use encryption and require that service providers comply with these requirements in all written contracts. The full regulations are available here. Consult your counsel for compliance requirements. Mass Data Security Regs
Cyber Report 