AIM Resource Page: Massachusetts Data-Breach Regulations

Massachusetts employers face a broad new set of regulations governing the way in which they safeguard customer and employee data. The regulations affect all employers and may require operational and technological changes for employers having custody of personal information, including employee records.

AIM offers this Resource Page as a one-stop source for information, updates and events.


News

Regulators Finalize Toughest-in-Nation Data Security Regulations
(November 4, 2009)

State regulators announced finalized comprehensive new rules governing the way in which employers and others maintain the privacy of personal information. The final regulations (201 CMR 17.00) contained several changes, including one pertaining to contracts signed with third-party data companies prior to the March 1, 2010 regulation effective date. Filing of the final regulations ends more than two years of debate among AIM, state officials and consumer groups.

Data Regulations - Executive Summary

AIM Backs Alternative Data-Privacy Law
(Posted May 12, 2009)

AIM testified this week in favor of an alternative data-security law that would address the problem of identity theft without imposing economically damaging and unrealistic regulations on employers. AIM believes the bill represents a better approach than the one taken by the complex and confusing 2007 data-security law that will cause compliance issues for almost every Massachusetts company next year.


Business Coalition Letter to Secretary Bialecki:
(Posted April 2, 2009)

On Thursday, April 2, 2009, the Business Coalition urged Secretary Gregory Bialecki to engage in a substantive dialogue with industry experts, the Department of Consumer Affairs and Business Regulation, the Legislature and the Office of the Attorney General. The coalition described the administration's changes in the effective date of compliance as "good". Regrettably, the other amendments to the regulations are inadequate or simply do not address the substantive issues that are still cause for great concern. Simply delaying the compliance deadline does not solve these substantive problems.

Read the Business Coalition's Letter (April 2, 2009)
Read the Business Coalition's Letter (January 16, 2009)
Read the written comments and transcript from the January 16, 2009 Public Hearing
Read the Office of Small Business and Entrepreneurship "Small Biz Brief" on ID Theft

Bulletin: Regulators Postpone Data-Security Regulation

(Posted February 13, 2009)

Massachusetts consumer regulators Thursday postponed implementation of new data-security rules until January 1, 2010 and amended a controversial section of those rules governing security practices of third-party vendors. The proposed regulations have generated a firestorm of criticism from business on the grounds that they are impractical and ineffective.

The Massachusetts Office of Consumer Affairs and Business Regulation filed the amended regulations with the Secretary of State Thursday evening.  Key amendments include a delay in the general effective date of the data regulations until January 2010 and changes to the standard for third party vendor relationships.  AIM will continue to analyze these regulations and work with the administration regarding many of the outstanding concerns with the regulations.

“AIM is pleased with actions taken yesterday by the Office of Consumer Affairs & Business Regulations to file with the Secretary of State several amendments to proposed data security regulations that include a delay in the general effective date of compliance from May 1st to January 2010,” said AIM President and Chief Executive Officer Richard C. Lord.

“While AIM and its members believe that the protection of personal information is a necessary activity and an integral part of every business model, as currently written the initial set of proposed regulations (201 CMR 17.00) went beyond the Legislature’s intent by prescribing highly prescriptive mandates that did not take into consideration the national and global business relationships that Massachusetts firms depend upon.

“During the period ahead, AIM and its members will continue to monitor and work closely with the Office of Consumer Affairs & Business Regulations to ensure that the final version of data security regulations that will ultimately impact every employer in the Commonwealth, including the public sector, are technically and economically feasible.”

As of today the following sections of the rules have been altered:

  • Section 17.03 (6) Duty to Protect and Standards for Protecting Personal Information – Changes the standard for third party vendor relationships. The amended regulations for this standard are below: 

“Taking all reasonable steps to verify that any third-party service provider with access to personal information has the capacity to protect such personal information in the manner provided for in 201 CMR 17.00; and taking all reasonable steps to ensure that such third party service provider is applying to such personal information protective security measures at least as stringent as those required to be applied to personal information under 201 CMR 17.00.”

  • Section 17.04 Computer Security Requirements – Limits the requirement for encryption to personal data transmitted over public networks or wireless communications.
  • Section 17.05 Effective Date – Changes extend the general effective date of the regulations from May 1, 2009 to January 1, 2010.

Read the amended regulation
Read the Press Release

Business Urges New Approach on State Data Regulations
(Posted Friday January 16, 2009)

AIM and a coalition of 70 employers and business associations urged the state Thursday to go back to the drawing board to develop workable regulations to prevent data breaches and identity theft. Joining with employers such as Verizon, Wal-Mart, Microsoft and AOL, AIM said the current regulations contain requirements that are not technically or economically feasible. State officials plan a hearing on the matter this afternoon.

Learn More - Read the State House News Article
Learn More - Read AIM's Testimony
Learn More - Read the Business Coalition Letter
Learn More - Read AIM's Press Release

State Schedules Hearing on Privacy Compliance Dates
(Posted December 3, 2008)

The Massachusetts Department of Consumer Affairs and Business Regulation will conduct a public hearing on January 16 to consider rules extending the dates by which employers must comply with the strictest data privacy law in the country. AIM encourages member companies to submit oral or written testimony. Please contact Brad MacDougall for more information.


AIM: Use Federal Data Privacy Standards
(Posted November 19, 2008)

AIM told a legislative hearing that state data-security regulations due to take effect next year are based upon faulty assumptions about technology and business operations. The association asked the state to adopt federal standards instead.


Patrick Administration Postpones Implementation of Regulations
(Posted November 14, 2007)

The Patrick Administration announced Friday that it will postpone implementation of new rules governing the manner in which companies maintain personal data on customers and employees. AIM applauded the decision, which moves implementation of some parts of the regulations from January 1 to May 1, and others from January 1, 2009 to January 1, 2010. 


Business Groups Ask Governor to Postpone Regulations
(Posted October 24, 2008)

October 24, 2008 - AIM and almost three dozen other business organizations and companies asked Governor Deval Patrick Thursday to postpone new regulations governing the manner in which companies safeguard the customer and employee data they keep. The business groups believe that companies cannot implement the complex new regulations by the January 1 deadline.



Links

AIM Resource Center & Key Documents
AIM's Executive Summary of 93H Law
Office of Consumer Affairs and Business Regulation
Office of the Attorney General
Find or Advertise your business services on AIM's Buy Mass Directory


More Information

Bradley MacDougall
Associate Vice President, Government Affairs
617.262.1180
bmacdougall@aimnet.org

Lynda Slevosky
Vice President, Employer's Resource Group
617.262.1180
lslevoski@aimnet.org