Here is a list of references for my discussion of the new data protection law (and for insomniacs everywhere):
-
The first notification law
-
A depressing litany of failure
-
Another loss list, sortable and downloadable
-
Failure you can carry with you
-
How NOT to make data protection law
-
Scroll to the very bottom to see a one-sentence afterthought
-
201CMR17 doesn't apply to state government, but this does
-
201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth
-
The regulations
-
This could actually be useful
-
Spinning an unfunded mandate
-
Small Business Guide for Formulating a Comprehensive Written Information Security Program
-
Some more detail on expectations
-
Some utter nonsense, too
-
Like the bit about building access
-
The Massachusetts breach notification law
-
The foundation for 201 CMR 17.00
-
Summary of breach notifications for the first ten months
-
Requirements for Security Breach Notifications under Chapter 93H
Jack