Can you summarize 201 CMR 17?
Office of Consumer Affairs and Business Regulation > Standards for the protection of personal information of residents of the Commonwealth
Short Summary
The legal document 201 CMR 17.00 establishes the Standards for the protection of personal information of residents of the Commonwealth of Massachusetts. It applies to all persons that own or license personal information about a resident of the Commonwealth. The document aims to ensure the security and confidentiality of customer information, protect against threats or hazards to the security or integrity of such information, and prevent unauthorized access or use that may harm consumers.
The document defines key terms and specifies the data elements that relate to a Massachusetts resident. It excludes information obtained from publicly available sources or government records made available to the general public.
The document outlines the duty to protect and the standards for protecting personal information, requiring the development, implementation, and maintenance of a comprehensive information security program. The program must include administrative, technical, and physical safeguards appropriate to the business’s size, scope, and type, as well as regular monitoring, review, and documentation of security measures.
Additionally, the document mandates specific computer system security requirements for persons who electronically store or transmit personal information. It emphasizes secure user authentication, access control measures, encryption of transmitted records, monitoring of systems, encryption of personal information on portable devices, firewall protection, up-to-date system security software, and employee education and training on computer and personal information security.
The document sets a compliance deadline of March 1, 2010, for persons who own or license personal information about a resident of the Commonwealth.
Whom does it apply to?
Persons, agencies, employees, agents, and service providers that receive, store, maintain, process, or have access to personal information in connection with the provision of goods or services or in connection with employment
What does it govern?
Standards for the protection of personal information of residents of the Commonwealth
What are exemptions?
Information obtained from publicly available sources or government records made available to the general public
What are the Penalties?
Penalties for non-compliance or violation of the document's provisions are not mentioned in the provided content
Jurisdiction
Massachusetts