The state of Massachusetts has enacted new laws for all businesses, regardless of operational or physical location, that handle any personal information belonging to any resident of the state of Massachusetts. The law aims to protect the residents of Massachusetts from the rising number of crimes. According to this law, personal information refers to the first and last names of a person, or a person’s first initial and last name.
Personal information also includes financial records, driver’s license numbers and social security numbers. The state of Massachusetts now makes it mandatory for all businesses to observe the requirements of 201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth.
Also referred to as Massachusetts Privacy Law or simply 201 CMR 17, this law has played a critical role in curbing fraud in the state of Massachusetts. In summary, the law requires businesses to fulfill three main requirements (The General Court 1-3). First, the law requires businesses to employ officials to maintain systems that aim at protecting personal information.
Secondly, an organization should take sensible measures to verify that its business associates with access to personal information do not pose a threat to such information. Lastly, the law sets limits on the amount of personal information that a business might collect.
Under Section 2 of the law, one of the aims is to guarantee the confidentiality and security of customers’ information in a manner that fully complies with the standards of the industry. The law also aims to ensure that businesses put appropriate safeguards in place to maintain the integrity and security of customers’ information.
In addition, the law aims to prevent unlawful access to personal information that may cause harm to consumers (The General Court 1-3).
The law considers a number of issues, which include the nature, size and scale of the person’s business, the volume of information collected, and the resources at the person’s disposal. In addition, the law considers the need for privacy and safety of personal information relating to both the worker and the consumer.
201 CMR 17 applies to all persons in the state of Massachusetts. In this case, the word person includes partnerships, associations, corporations and other legal entities in the state of Massachusetts that hold personal information of its residents. The law requires all residents of Massachusetts, whether in transit or at rest, to comply with the regulations of 201 CMR 17.
The procedural controls are essential because they are intended to ensure that illegal activities do not cause data infringements on all records containing personal information.
Electronic records are secured to protect personal information on applications, portable devices, laptops and databases in which electronic personal information can be at rest or in transit (Novation Media 3-17). As a requirement by the law, businesses must evaluate security risks within the stipulated time.
Failure to comply with the requirements of 201 CMR 17 attracts a number of penalties imposed through Title XV of the Massachusetts General Law (Regulation of Trade, Chapter 93A, Section 4). Individuals who violate the requirements of the law face civil penalties requiring them to pay $5,000 for each contravention.
In addition, they have to pay reasonable costs associated with litigation and investigation of such contraventions (Novation Media 1-22). Title XV also requires timely reporting of any data-related contravention to both the attorney general and the Office of Consumer Affairs and Business Regulation (OCABR).
Works Cited
Novation Media. Written Information Security Policy Overview. 1 February 2010. Web.
The General Court. Section 2: Regulations to Safeguard Personal Information of Commonwealth Residents. 2013. Web.