Massachusetts Data Privacy Standards Revised Once Again; Compliance Deadline Extended

October 22, 2009
The Office of Consumer Affairs and Business Regulation (“OCABR”) has once again extended the deadline for compliance with the Massachusetts Standards for the Protection of Personal Information. The standards, now set to take effect on March 1, 2010, require covered entities to develop, implement, maintain, and monitor a comprehensive, written information security program to safeguard all paper and electronic records that contain personal information about Massachusetts residents. While the Regulations have been relaxed in some respects from their original form, they continue to represent the most rigorous federal or state effort to combat identity theft to date. This update examines the revisions made to the proposed standards.