Can I collect device information from participants in Massachusetts? What are the requirements?

Based on the additional context provided, it appears that collecting device information from participants in Massachusetts may be subject to certain requirements depending on the context and purpose of the data collection.

For instance, if you are collecting device information as part of a plan approved by the executive office and council or the e-Health institute, including every grantee and implementing organization that receives monies funded in whole or in part from the e-Health Institute Fund established in section 6E of chapter 40J or the Massachusetts Health Information Exchange Fund established under section 10, you must ensure compliance with all state and federal privacy requirements, including those imposed by the Health Insurance Portability and Accountability Act of 1996, P.L. 104–191, the American Recovery and Reinvestment Act of 2009, P.L. 111–5, 42 C.F.R. §§ 2.11 et seq. and 45 C.F.R. §§ 160, 162 and 164 ^[1.2](^[1.2]).

Similarly, if you are collecting device information for electronic gaming devices in a gaming establishment, you must comply with the requirements outlined in the Installation and Approval for Use of an Electronic Gaming Device document, which includes validating and processing the information provided in the request for approval relative to each electronic gaming device, ensuring that each individual electronic gaming device is identical in all material mechanical, electrical, electronic, or other material aspects to the prototype certified on which the electronic gaming device is based, and potentially requiring a trial period to test the gaming device in a gaming establishment to determine whether it complies with the regulations ^[3.1](^[3.1]).

However, if you are collecting device information for other purposes, such as for logging requirements for information dissemination or fingerprinting, you must comply with the specific requirements outlined in the relevant documents, such as maintaining a secondary dissemination log containing specific information about the dissemination of information obtained from or through CJIS, including CORI and criminal history record information, to another authorized CJA or to an individual employed by an authorized CJA ^[4.1](^[4.1]), or submitting fingerprints to the Massachusetts State Police State Identification Section in certain instances, such as any employment background check for a position with a criminal justice agency or any felony arrest by a law enforcement agency ^[4.2](^[4.2]).

Therefore, it is important to determine the specific context and purpose of collecting device information from participants in Massachusetts in order to determine the relevant requirements that must be followed.

Source(s):

• [1.2] Plan requirements
• [3.1] Installation and Approval for Use of an Electronic Gaming Device
• [4.1] Logging Requirements for Information Dissemination
• [4.2] Fingerprinting

Jurisdiction

Massachusetts

• Privacy