MA regulatory monitoring

201 CMR 17 (data security regs) and every new privacy bill in Massachusetts.

High — applies to anyone with MA-resident customer/employee data, no size threshold

Law: 201 CMR 17 (data security regs)
Effective: 2010-03-01
Status: enacted

What the law requires

Compliance obligations

  • 01 Written information security program (WISP) required for anyone holding MA resident personal info
  • 02 Encryption of personal data in transit and on portable devices
  • 03 Vendor management — written contracts requiring third parties to implement equivalent safeguards

Penalties

Up to $5,000 per violation under MA consumer protection law, plus breach notification obligations

Recent MA bills

No bills tracked yet for MA. New legislation will appear here as our cron picks it up.
