[Updated October 15, 2009 for compliance with new amendments to the regulations]

by Stephen E. Meltzer, Esq., CIPP

Who is Regulated?

Any natural person, corporation, association, partnership or other individual or legal entity that owns or licenses “personal information” about a resident of Massachusetts is subject to the regulations. This would include any person or business that employs Massachusetts residents if its employee records include certain personal information. A business need not have any operations in Massachusetts to be subject to the regulations and the application of the regulations is not limited to any particular industry, and no industry is exempt from the requirements for compliance.

For purposes of the new regulations and Chapter 93H, “personal information” is defined as a
Massachusetts resident’s first name and last name, or first initial and last name, combined with one or more of: “(a) Social Security number, (b) drivers license or state-issued identification number, or (c) financial account or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account.” Lawfully obtained, publically available information is not considered “personal information.”

There are no exceptions or exemptions from regulation.  In other words, every person and business that has possession or control of personal information about a resident of Massachusetts must comply with the new regulations – everyone.

This would include for-profit and non-profit organizations located inside and outside of Massachusetts, whether they are the technical “owners” of the information, or merely “possessors” of that information.  The real proof of the applicability will be in the enforcement, but out-of-state and out-of –country vendors providing services related to data control and processing better beware.

Popularity: 27% [?]

Related posts:

1. Introduction to the New Massachusetts Privacy Laws [Updated October 15, 2009 for compliance with new amendments to the regulations]...
2. New Massachusetts Privacy Laws – Computer Security [Updated October 15, 2009 for compliance with new amendments to the regulations]...
3. New Massachusetts Privacy Laws – The WISP [Updated October 15, 2009 for compliance with new amendments to the regulations]...
4. New Massachusetts Privacy Laws – Breach Notification Requirements [Updated October 15, 2009 for compliance with new amendments to the regulations]...
5. New Massachusetts Privacy Laws – Data Destruction [Updated October 15, 2009 for compliance with new amendments to the regulations]...
6. New Massachusetts data privacy regulations posts updated I went back yesterday and updated the posts outlining the new Massachusetts...