skip to main content


Massachusetts Extends Compliance Deadline and Revises Requirements for Personal Information Protection

March 4, 2009

Authors: Catherine F. Intravia

In December of 2008, we posted an alert outlining the new Massachusetts regulations regarding personal information protection. It was just announced that the Massachusetts Office of Consumer Affairs and Business Regulation recently extended the compliance date for the regulations to January 1, 2010.

Also, the regulations were revised to remove the requirement that entities obtain written certification from third party providers with access to personal information that the third party providers have a written information security program consistent with the regulations. Now,  under the revision, entities that possess personal information of Massachusetts residents are to take reasonable steps to (1) verify that a third party service provider with access to such personal information has the capacity to protect the personal information in the manner provided for in the regulations; and (2) ensure that such third party service provider is applying to the personal information protective security measures at least as stringent as required in the regulations.

To view the December alert in its entirety, please click here.

Related File(s)

© Shipman & Goodwin LLP, 2018. All Rights Reserved.