IT Compliance Advisor

May 18 2009   4:51PM GMT

What will compliance with the Massachusetts data protection act mean?

GuyPardon Guy Pardon Profile: GuyPardon

A bill being discussed in the Massachusetts Senate proposes major changes to MA GL 93H, the Data Breach Notification Act. These changes could in turn result in revisions to 201 CMR 17.00, the data protection regulation promulgated by the Office of Consumer Affairs and Business Regulation (OCABR), including removal of specific encryption requirements and deference to federal statutes.

The Massachusetts State-house in Boston, Massa...
Image via Wikipedia

We wrote about it last week in “Mass. Senate seeks to amend, weaken data breach notification law.” As you know, we’ve been covering news on the nation’s most comprehensive data protection law since the beginning of the year, including a podcast with the OCABR CIO and general counsel:

•    Podcast: New Massachusetts data protection law mandates IT compliance
•    Panels describe risks of noncompliance with Mass. data protection law

Kevin Beaver, a contributor to SearchCompliance.com, offered his commentary on the situation nationally: “Are you out of the loop on state data breach notification laws?

Sarah Cortes reminded the readers of SearchCompliance.com last week of  the risk of penalties for violating data privacy laws.

Anne McCrory, editorial director for the CIO/IT Strategy Media Group at TechTarget, also has rung in with her view: “It’s time for a federal data protection act,” following Scot Petersen’s take: “Red Flags Rule delay reveals troubling pattern developing.”

Our sister site, SearchSecurity.com, posted some additional advice:  Encrypt now to meet new Mass. data protection law.

So with all that out there, here’s what I’m wondering:

What do you think of the law?

What are your thoughts on the proposed revisions?

How are you approaching compliance with the regulation?

Do you have clients or partners that you are advising on the topic? What do they think?

I’ve been interviewing many of our readers on precisely these questions, including many thought leaders, CISOs, privacy officers and CIOs. I’d be grateful for your thoughts as well.

Please write to editor@SearchCompliance.com or directly to me at ahoward@techtarget.com.

As you know, you can also find us @ITCompliance on Twitter

Reblog this post [with Zemanta]

1  Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • LeanStartupsdotcom
    Am I the only business operations professional who is disappointed about the new rules being relaxed? Yes, there are costs involved, but any properly run organization should have all the safe-guards in place already. It is just the right thing to do, good practice, and a good way to protect your company.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: