Choose Index below for a list of all words and phrases defined in this glossary.

Massachusetts Data Protection Law

index | Index

Massachusetts Data Protection Law - definition(s)

Massachusetts data protection law - The Massachusetts data protection law is legislation that stipulates security requirements for organizations that handle the private data of residents. The law is more formally known as "Standards for The Protection of Personal Information of Residents of the Commonwealth" (or 201 CMR 17.00). Similar legislation is under consideration in most other states.

The Massachusetts data protection law includes requirements for:

   * Encryption of personal data.
   * Retention and storage of both digital and physical records.
   * Network security controls (firewalls, for example).
   * Risk management policies and practices.
   * Employee training.
   * Adequate documentation of data breaches.
   * Adequate documentation of any policy changes.
   * Ensuring that any associated third-party providers who have access to the data maintain the same standards.

The Massachusetts data protection law replaces earlier legislation requiring organizations to notify individuals when a security breach put their data at risk. According to Daniel Crane, undersecretary of the Massachusetts Office of Consumer Affairs and Business Regulation, "Breach-notification laws deal with what happens after the horse leaves the barn." Crane says that 201 CMR 17.00 is intended "to prevent the horse from getting out of the barn in the first place."

[Category=Data Management ]

Source:, 23 August 2013 08:35:05, External

Data Quality Glossary.  A free resource from GRC Data Intelligence. For comments, questions or feedback: