New Regulations for Protection of Massachusetts Residents’ Personal Information
Code of Massachusetts 201 17.00 deals with the protection of personally identifying information. These guidelines were enacted as law, and deal with information security standards and notification of security breaches. The laws apply to businesses that “own, license, store or maintain personal information about a resident of the Commonwealth of Massachusetts “. Massachusetts is not the first state to enact such laws, but rather has followed along with the new trend- creating regulations based around information security and the protection of state residents.
Personally Identifiable Information (referred to as PII) is loosely defined as a data entity including the first name or first initial, last name and combined with other non-public information such as financial account numbers, social security numbers, driver’s license numbers, or PIN numbers that when combined, create a unique profile of a person. The combination of these factors would be useful in assuming an identity or committing fraud using another party’s name. The Commonwealth of Massachusetts declares that lawfully obtained publically accessible information is excluded from being categorized as PII, as is information gathered in good faith. Oddly enough, Mass CMR 201 17.00 does not apply to state government, but a separate executive order (501) does. Continue reading “MASS CMR 201 17.00”