19 Aug 10

Massachusetts 201 CMR 17.00, to be Exact

I am not breaking any news to anyone, I think, if I tell you that a new law in Massachusetts lays out security for protecting private information. What I do want to write about is why I like this law.

The first thing is I like how the law says that anyone who does business with a resident of the commonwealth, regardless of nexus, is required to follow these guidelines, not just businesses in the commonwealth. This is good because they are setting a standard for the rest of the union. Too many laws are written in a form that requires a lawyer to decode them. I read and understood the law while I waited on my Cashew Chicken at PF Chang’s.

I also like that it is very specific. It names product segments and states exactly what needs to be done. They don’t use terms like “Reasonable Measures”; this just confuses people and leads to inaction. This one is clear.

I can tell you firsthand PII is handled poorly by most businesses. You can set your company apart just by following this law. If you become Mass 201 compliant, the rest is easy, and this one is not hard.

http://www.mass.gov/Eoca/docs/idtheft/201CMR1700reg.pdf
