As expected, the Massachusetts Data Protection Law, 201 CMR 17.00 has been amended and delayed again. I'll post a more detailed look at the changes later, but for now, the Commonwealth has posted info here and the amended law is here (95kb PDF).
Key points are
- All deadlines have been extended to January 1, 2010
- Third-party contract/certification requirements have been eased significantly
- Wireless encryption is only mandated when personal information is transmitted wirelessly.
I think this is a good compromise, it gives businesses more time to do what they should have been doing all along- but allows for the financial burden in this economy. I also think the easing of third party requirements was a good decision, it would not have been feasible for every company to meet the earlier requirements.
AIM, the Associated Industries of Massachusetts, has a good resource page for businesses working towards 201CMR17.00 compliance.
And, yes, there will be Shmoocon and ShmooBus wrapups coming soon.
Jack
