News Stay informed about the latest enterprise technology news and product updates.

What will compliance with the Massachusetts data protection act mean?

A bill being discussed in the Massachusetts Senate proposes major changes to MA GL 93H, the Data Breach Notification Act. These changes could in turn result in revisions to 201 CMR 17.00, the data protection regulation promulgated by the Office of Consumer Affairs and Business Regulation (OCABR), including removal of specific encryption requirements and deference to federal statutes.

The Massachusetts State-house in Boston, Massa...
Image via Wikipedia

We wrote about it last week in “Mass. Senate seeks to amend, weaken data breach notification law.” As you know, we’ve been covering news on the nation’s most comprehensive data protection law since the beginning of the year, including a podcast with the OCABR CIO and general counsel:

•    Podcast: New Massachusetts data protection law mandates IT compliance
•    Panels describe risks of noncompliance with Mass. data protection law

Kevin Beaver, a contributor to, offered his commentary on the situation nationally: “Are you out of the loop on state data breach notification laws?

Sarah Cortes reminded the readers of last week of  the risk of penalties for violating data privacy laws.

Anne McCrory, editorial director for the CIO/IT Strategy Media Group at TechTarget, also has rung in with her view: “It’s time for a federal data protection act,” following Scot Petersen’s take: “Red Flags Rule delay reveals troubling pattern developing.”

Our sister site,, posted some additional advice:  Encrypt now to meet new Mass. data protection law.

So with all that out there, here’s what I’m wondering:

What do you think of the law?

What are your thoughts on the proposed revisions?

How are you approaching compliance with the regulation?

Do you have clients or partners that you are advising on the topic? What do they think?

I’ve been interviewing many of our readers on precisely these questions, including many thought leaders, CISOs, privacy officers and CIOs. I’d be grateful for your thoughts as well.

Please write to or directly to me at

As you know, you can also find us @ITCompliance on Twitter

Reblog this post [with Zemanta]

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Am I the only business operations professional who is disappointed about the new rules being relaxed? Yes, there are costs involved, but any properly run organization should have all the safe-guards in place already. It is just the right thing to do, good practice, and a good way to protect your company.