CYBERLAW.IO

Cyberlaw.io blog

Does (and Should) Your Internet Business Comply with Massachusetts Law?

4/17/2017

If an ecommerce business sells to a citizen of Massachusetts and stores that customer's user data, then it must comply with Massachusetts law regarding data security and privacy of customer data.

201 CMR 17.00 requires a business (located anywhere) that stores and maintains electronic or paper records containing personal information about a resident of the Commonwealth of Massachusetts to maintain a comprehensive, written information security program ("WISP") applicable to those records. There is no small business exemption to this requirement.

Among other things:
- The WISP must include administrative, technical, and physical safeguards to protect personal information ("PI").
- One or more employees must be designated to maintain and supervise WISP implementation and performance.
- Regular ongoing employee training, and procedures for monitoring employee compliance, must be included in the WISP.

For more information, please refer to the 201 CMR 17.00 Compliance Checklist that the Office of Consumer Affairs and Business Regulation has provided at: http://www.mass.gov/ocabr/docs/idtheft/compliance-checklist.pdf

Also, read the FAQ at: http://www.mass.gov/ocabr/docs/idtheft/201cmr17faqs.pdf

For an in-depth look at the standards, read them at: http://www.mass.gov/ocabr/docs/idtheft/201cmr1700reg.pdf

If you need to purchase and download written information security program legal forms, click here.
Author: James P. Curry, Esq.

Copyright © 2018 Cyberlaw.io. All rights reserved.