Mass. delays enforcement of data security regs

The Massachusetts' Office of Consumer Affairs and Business Regulation is postponing the compliance date for its identity theft data security regulations in light of the current economic crisis.

The general compliance deadline for the state's 201 CMR 17 regulations was initially set for Jan. 1, 2009, but officials have pushed it to May 1. The regulations, issued in September, call for the encryption of wirelessly transmitted data and documents stored on laptop PCs or flash drives and the use of up-to-date firewall protection.

Massachusetts' new deadline matches the date for complying with the Federal Trade Commission's red flag rules, which require financial institutions and creditors to develop and implement programs to prevent identity theft. Businesses seeking to comply with the FTC requirements can now save money by addressing the state's regulations at the same time.

The deadline for third-party service providers to protect personal information was also extended to May 1, while the deadline for requiring written certification from third-party providers was extended to Jan. 1, 2010.

The deadline for ensuring encryption of laptop PCs is May 1, and the deadline for encrypting other portable devices is Jan. 1, 2010.

About the Author

Kathleen Hickey is a freelance writer for GCN.

inside gcn

  • Get ready for IoT-enabled threats

    Mirai creators helping FBI crack cybercrime cases

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group