Are you still wondering about MGL 93H, 201 CMR 17.00?
We want to give you the information you need to become compliant with this regulation. 201 CMR 17.00 is the regulation issued under Massachusetts General Law chapter 93H (M.G.L. c. 93H).
The law defines what counts as a security breach and as personal information, requires notification when a breach occurs, and authorizes regulations for safeguarding the personal information of any Commonwealth of Massachusetts resident.
The regulation implements the provisions of the law and describes what you need to have in place in your company in order to be compliant.
Why was 93H created? Why 201 CMR 17.00?
The legislature enacted the law, and the Office of Consumer Affairs and Business Regulation (OCABR) issued the regulation, in response to the following data breaches:
· TJ Maxx (TJX), disclosed January 17, 2007
- Affected about 100 million account numbers
- Attacked several different ways, including through store wireless networks and kiosks
· Hannaford Supermarkets, between December 7, 2007 and March 10, 2008
- More than 4 million card numbers were exposed, and by the time Hannaford publicly announced the breach, on March 17, 2008, about 1,800 fraudulent charges had been made
· Other security threats
- Malware and viruses
In response, M.G.L. c. 93H was enacted in November 2007. Within the first 10 months after enactment, the Office of Consumer Affairs and Business Regulation received 318 notifications of security breaches:
· 10 involved data that was encrypted
· 69 involved data that was password protected
· A total of 625,365 Massachusetts residents were affected
· 60% were due to stolen laptops or hard drives, and 40% to employee error or sloppy internal handling
· 75% were in the financial services sector
Massachusetts then took the lead in passing a new regulation, 201 CMR 17.00, that requires companies to implement a comprehensive written information security program, including encryption of Massachusetts residents' personal information when it is stored on laptops or other portable devices and when it is transmitted across public networks or wirelessly.