Friday, February 13, 2009

Mass Data Protection Law delayed and amended

As expected, the Massachusetts Data Protection Law, 201 CMR 17.00 has been amended and delayed again.  I'll post a more detailed look at the changes later, but for now, the Commonwealth has posted info here and the amended law is here (95kb PDF).

Key points are

  • All deadlines have been extended to January 1, 2010
  • Third-party contract/certification requirements have been eased significantly
  • Wireless encryption is only mandated when personal information is transmitted wirelessly.

I think this is a good compromise, it gives businesses more time to do what they should have been doing all along- but allows for the financial burden in this economy.  I also think the easing of third party requirements was a good decision, it would not have been feasible for every company to meet the earlier requirements.

AIM, the Associated Industries of Massachusetts, has a good resource page for businesses working towards 201CMR17.00 compliance.

And, yes, there will be Shmoocon and ShmooBus wrapups coming soon.