The regulations, written by the Administration's Office of Consumer Affairs and Business Regulation, mandate any business or entity storing or transmitting personal information of a Massachusetts resident create a written security plan that details how that information will be protected from theft or loss. Personal information is defined as the combination of a consumer's name along with information like Social Security number, or bank or credit card account numbers.Patrick-Murray Administration, which Authored Massachusetts’ Groundbreaking Personal Information Security Measures, Recognizes Data Privacy Day 2010Consumer Affairs and Business Regulationocabrhttp://www.mass.gov/ocabr/business/identity-theft/patrick-murray-administration-which-authored.html2010-01-28T00:00:00Z2010-01-28T00:00:00ZBOSTON – In recognition of Data Privacy Day, which is Jan. 28, 2010, the Office of Consumer Affairs and Business Regulation is continuing its efforts to support the Patrick-Murray Administration’s data security regulations, which take effect March 1.
Officials from the Office are attending a seminar today with high-tech businesses to discuss compliance with the new regulations. Since updated regulations were announced in August 2009, the Office has participated in more than 25 such seminars.Small-Business Considerations Reflected in Massachusetts' Revised ID Theft RegulationsConsumer Affairs and Business Regulationocabrhttp://www.mass.gov/ocabr/business/identity-theft/small-business-considerations-reflected-in.html2009-08-17T00:00:00Z2009-08-17T00:00:00ZBOSTON -- Aug. 17, 2009 -- In keeping with Governor Deval Patrick’s commitment to balancing consumer protection with the needs of small business owners, Massachusetts Undersecretary of the Office of Consumer Affairs and Business Regulation Barbara Anthony today announced adjustments to Massachusetts’ identity theft regulations that maintain protections and also reinforce flexibility in compliance by small businesses.
The updated regulations will take effect March 1, 2010. The regulations make clear that their approach to data security is a risk-based approach that is especially important to small businesses that may not handle a lot of personal information about customers. Under a risk-based approach, a business, in developing a written security program, should take into account its size, nature of its business, the kinds of records it maintains, and the risk of identity theft posed by its operations.Office of Consumer Affairs Files Revised ID Theft RegulationsConsumer Affairs and Business Regulationocabrhttp://www.mass.gov/ocabr/business/identity-theft/office-of-consumer-affairs-files-revised-id.html2009-02-12T00:00:00Z2009-02-12T00:00:00ZBOSTON - February 12, 2009 - Today, the Office of Consumer Affairs and Business Regulation filed revised identity theft regulations that will preserve the privacy of consumers by increasing the level of security on personal information held by businesses and other entities.
The regulations will take effect Jan. 1, 2010, and mandate that personal information -- a combination of a name along with a Social Security number, bank account number, or credit card number -- be encrypted when stored on portable devices, or transmitted wirelessly or on public networks. Encryption of personal information on portable devices carrying identity data like laptops, PDAs and flash drives must also be completed by Jan. 1, 2010, and will ensure better protection of personal information.Business Community Given Additional Time to Comply with Identity Theft Prevention RegulationsConsumer Affairs and Business Regulationocabrhttp://www.mass.gov/ocabr/business/identity-theft/business-community-given-additional-time-to.html2008-11-14T00:00:00Z2008-11-14T00:00:00ZPatrick Administration Issues Comprehensive Identity Theft Prevention Regulations & Executive OrderConsumer Affairs and Business Regulationocabrhttp://www.mass.gov/ocabr/business/identity-theft/patrick-administration-issues-comprehensive.html2008-09-22T00:00:00Z2008-09-22T00:00:00Z