State Privacy Regulations
State privacy regulations have been established by at least forty-four states. Massachusetts is one of the most recent states to establish privacy regulations and security breach notification requirements. In our opinion, the Massachusetts regulations are the most comprehensive set of regulations yet established at the state level, and is likely to become the template for other states. Therefore, businesses and other organizations which have compliance efforts underway regarding privacy regulations, should consider achieving compliance with at least the minimum safeguards defined by the Massachusetts regulations. We believe doing so will minimize new compliance efforts over the next few years as states and possibly the federal government increase their requirements for safeguarding personal information.
The American Institute of Certified Public Accountants (AICPA) web site is a resource for accessing specific state privacy regulations.
The Massachusetts Office of Consumer Affairs and Business Regulation established significant new Regulations which may affect how your business protects certain confidential information. The Regulations apply to every business and legal entity - even those with no physical presence in the state - that collects or stores confidential personal data regarding consumers or employees residing in Massachusetts. The original deadline for compliance was January 1, 2009, but as a result of an extension issued on August 17, 2009, the current deadline is March 1, 2010.