Massachusetts will begin enforcing the compliance deadline for its regulations aimed at curbing identity theft on March 1, 2010. The regulations have been delayed over the course of 2009 to allow for sufficient awareness and to address concerns and confusion within companies as to who is covered and what is required.
The regulations contain standards for how personal information of Massachusetts residents must be protected. They require a company to maintain an information security policy with appropriate safeguards as set forth in the regulations. Pursuant to these safeguards, companies must take the appropriate steps in overseeing third party service providers that handle personal information and encrypt personal information under specific circumstances. Written policies intended to make companies address and identify risks aimed at preventing identify theft are also required under the regulations.
If you own a license, a store, maintain or otherwise receive personal information from Massachusetts residents in connection with your business, you should review your information security policy to ensure that your company is in full compliance with the regulations by March 1. If you have any questions regarding the new regulations or how they could affect your company, please contact an employment law attorney.