Can I disclose personal information for a business purpose without complying with CCPA in Massachusetts? What are the requirements?

According to 201 CMR 17.00, all persons that own or license personal information about a resident of the Commonwealth of Massachusetts must comply with the standards to safeguard personal information contained in both paper and electronic records. The objectives of 201 CMR 17.00 is to insure the security and confidentiality of customer information in a manner fully consistent with industry standards; protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer ^[2.1].

Additionally, An Act to prohibit negative option sales and disclosure of financial and personal information without a consumer’s express agreement, Section 117, prohibits financial institutions, its officers, employees, agents, and directors from disclosing any financial or personal information relating to a customer, except as otherwise expressly provided in this chapter. Financial institutions shall adopt reasonable procedures to assure compliance with this subchapter. This section does not prohibit any of the activities listed in this subsection. This subsection shall not be construed to require any financial institution to make any disclosure not otherwise required by law. This subsection shall not be construed to require or encourage any financial institution to alter any procedures or practices not inconsistent with this section. This subsection shall not be construed to expand or create any authority in any person or entity other than a financial institution ^[3].

Therefore, it is not possible to disclose personal information for a business purpose without complying with CCPA in Massachusetts. The requirements are to comply with the standards to safeguard personal information contained in both paper and electronic records as per 201 CMR 17.00 and to not disclose any financial or personal information relating to a customer, except as otherwise expressly provided in this chapter as per Section 117 of An Act to prohibit negative option sales and disclosure of financial and personal information without a consumer’s express agreement ^[2.1][3].

Source(s):

• [2.1] Purpose and Scope
• [3] An Act to prohibit negative option sales and disclosure of financial and personal information without a consumer’s express agreement

Jurisdiction

Massachusetts

• Privacy