Definition

Massachusetts data protection law

Part of the Data and data management glossary:

What is the Massachusetts data protection law?

Next Steps

The Massachusetts data protection law is legislation that stipulates security requirements for organizations that handle the private data of residents. The law is more formally known as "Standards for The Protection of Personal Information of Residents of the Commonwealth" (or 201 CMR 17.00). Similar legislation is under consideration in most other states.

The Massachusetts data protection law includes requirements for:

  • Encryption of personal data.
  • Retention and storage of both digital and physical records.
  • Network security controls (firewalls, for example).
  • Risk management policies and practices.
  • Employee training.
  • Adequate documentation of data breaches.
  • Adequate documentation of any policy changes.
  • Ensuring that any associated third-party providers who have access to the data maintain the same standards.

The Massachusetts data protection law replaces earlier legislation requiring organizations to notify individuals when a security breach put their data at risk. According to Daniel Crane, undersecretary of the Massachusetts Office of Consumer Affairs and Business Regulation, "Breach-notification laws deal with what happens after the horse leaves the barn." Crane says that 201 CMR 17.00 is intended "to prevent the horse from getting out of the barn in the first place."

 

Learn More About IT:
> The full text of Standards for The Protection of Personal Information of Residents of the Commonwealth is available from the OCABR website.

> In this podcast, Alex Howard interviews state officials about '201 CMR 17.00.'

> Brien M. Posey explains why encryption is no longer optional. 

This was last updated in July 2009
Posted by: Margaret Rouse

Related Terms

Definitions

  • data hygiene

    - Data hygiene is the collective processes conducted to ensure the cleanliness of data. Data is considered clean if it is relatively error-free. Dirty data can be caused by a number of factors includ... (WhatIs.com)

  • Amazon RedShift

    - Amazon RedShift is a fully managed petabyte-scale data warehouse service. RedShift is designed for analytic workloads and connects to standard SQL-based clients and business intelligence tools. (WhatIs.com)

  • erasure coding

    - Erasure coding (EC) is a method of data protection in which data is broken into fragments, expanded and encoded with redundant data pieces, and stored across a set of different locations, such as d... (SearchStorage.com)

Glossaries

  • Data and data management

    - Terms related to data, including definitions about data warehousing and words and phrases about data management.

  • Storage management

    - Terms related to data storage management, including definitions about enterprise storage and words and phrases about storage infrastructure, storage capacity and hierarchical storage management (HSM).

  • Network security

    - Terms related to network security, including definitions about intrusion prevention and words and phrases about VPNs and firewalls.

Dig Deeper

People Who Read This Also Read...

Ask a Question. Find an Answer.Powered by ITKnowledgeExchange.com

Ask An IT Question

Get answers from your peers on your most technical challenges

Ask Question

Tech TalkComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top