New Massachusetts Regulation Requires Comprehensive Written Information Security Program from Businesses by January 1, 2009

Available at

The Massachusetts Office of Consumer Affairs & Business Regulation recently published a regulation to implement the provisions of Massachusetts General Law chapter 93H, its security breach statute. Businesses holding personal information about Massachusetts residents must (1) develop a written plan and appoint an employee to manage it and enforce violations, (2) implement firewalls and encrypt information in transit and on portable devices, and (3) train employees on information security. The regulation applies to all entities that own, license, store or maintain personal information about a resident of Massachusetts and goes into effect January 1, 2009.


About John Nicholson

I'm a transactional attorney who focuses on structuring and negotiating large outsourcing transactions (both on and offshore). As part of my work, I've specialized in:

- Structuring and negotiating large outsourcing transactions (both on and offshore) including IT outsourcing and various BPOs (including HRO, Facilities Management, Procurement, Finance and Accounting), large systems development and implementations;
- Assisting with development of RFPs, proposal evaluation, down select, and negotiation;
- US and European privacy laws, including US Safe Harbor, and state privacy and data breach notification laws; and
- Privacy, security, legal and contractual issues associated with cloud computing.

I'm a frequent speaker on outsourcing, privacy and security issues. Before becoming a lawyer, I was the acting IT director for a mid-size company prior to hiring the CIO and project manager for the company's Oracle Financials implementation.