Can I use third-party social media tools that collect personal information in Massachusetts? What are the requirements?

Yes, you can use third-party social media tools that collect personal information in Massachusetts, but you must comply with certain requirements.

Requirements for using third-party social media tools that collect personal information in Massachusetts

• Ensure that the third party implements and monitors compliance with policies and procedures that prohibit unauthorized access to or acquisition of or use of personal information during the collection, transportation, and disposal of personal information ^[1.1].
• Comply with the regulations adopted by the Department of Consumer Affairs and Business Regulation to safeguard personal information of residents of the Commonwealth ^[3.2]. These regulations are designed to safeguard the personal information of residents of the Commonwealth and shall be consistent with the safeguards for protection of personal information set forth in the federal regulations by which the person is regulated ^[3.2]. The objectives of the regulations shall be to ensure the security and confidentiality of customer information in a manner fully consistent with industry standards; protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer ^[3.2].

Note that the above requirements are not exhaustive and you may need to comply with additional regulations depending on the specific circumstances of your use of third-party social media tools that collect personal information in Massachusetts.

Relevant Definitions

• Personal Information means a Massachusetts resident’s first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) driver’s license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account; provided, however, that “personal information” does not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public ^[5.1].

If you have any further questions or concerns, please consult a legal professional.

Source(s):

• [1.1] Standards for disposal of records containing personal information; disposal by third party; enforcement
• [5.1] Definitions
• [3.2] Regulations to safeguard personal information of commonwealth residents

Jurisdiction

Massachusetts

• Privacy