Friday, November 14, 2008

Deadline extended for Mass. data privacy regs

By Mass High Tech Staff

Video Gallery

MHT reporter Efrain Viscarolasaga on NECN: Green tech brings jobs back to Mass.

2008 High Tech All-Stars in their own words: Chris Brogan

How is the economic crisis affecting tech companies?

MHT Sales Roundtable: Web 2.0, Meet Sales 101

Related News

Fledgling Holyoke computer center gives $600,000 in grants [January 30, 2012]

Holyoke computing center gets $14.5M from MassDevelopment [October 26, 2011]

Mass. AG’s office moves Holyoke data center forward [October 14, 2011]

DR firm Zerto brings in $15M Series B round [August 22, 2011]

Plexxi pulls in $20M more for stealthy networking business [July 29, 2011]

The Massachusetts Office of Consumer Affairs and Business Regulations (OCABR) has announced an extension to state data privacy regulations, now set to go into effect May 1, 2009. Compliance with data encryption standards was originally scheduled to begin on Jan. 1, 2009. The OCABR cited in a release the challenging economy as reason for allowing companies to have more time in meeting the deadline.

The regulations, issued in September, are intended to protect consumer and employee personal information by requiring firewall protection for all personal data belonging to Massachusetts residents and data encryption for documents saved on flash drives or laptops or sent via the Internet.

Under the newly adjusted regulations, deadline for general compliance is May 1, 2009 — the same deadline as the new FTC Red Flag Rule in which creditors and financial institutions must also have enforced written identity theft prevention programs. Third-party service providers must also comply by the same deadline, while the deadline for written certification ensuring compliance for these third-party providers has been extended to Jan. 1, 2010. Laptop encryption must be implemented by May 1, 2009, while encryption of other portable devices has a deadline of Jan. 1, 2010.

The data privacy regulations are causing a stir among companies, according to a Mass High Tech report.  While some companies have said that compliance should be on target for most vigilant firms, others have argued that full compliance may take years.