In honor of Data Privacy Day and its spirit of education, I thought it might be appropriate (and fun) to celebrate some (but certainly not all) of the A, B, Cs of Data Privacy. Would love to see your contributions, too!
As we noted earlier this week, Massachusetts indicated late last week it would issue its last round of amendments to its data security regulations scheduled to take effect March 1, 2010, 201 CMR 17.00. The last round of amendments are not particularly significant, although it is worth noting that, contrary to the amendments made in August, this round clarifies that the regulations cover any entity that even stores personal information of Massachusetts residents, in addition to those that receive, maintain, process, or otherwise have access to personal information. Here is the press release from the Office of Consumer Affairs and Business Regulation. Here is the final version of the Regulations. Doug Cornelius has a great analysis here. The effective date of the regulations is still March 1, 2010.
Friday was a busy day for identity theft and data security regulations. Not long after the Federal Trade Commission announced it was extending the enforcement deadline for the Red Flags Rule for the fourth time, word came from BNA's Privacy & Security Law Report that the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) had filed with the Massachusetts Secretary of State its final amendments to 201 CMR 17.00, the state's data security regulations. BNA reported that OCABR plans to make the amendments public sometime this week. BNA further reported that there are no major changes, but that there will be some clarification with respect to contracts between persons who own or license personal information and third-party service providers (201 CMR17.03(2)(f)(2)). You can check out Dave's post on the last round of significant revisions to the regulations in August, complete with redline. We have seen a lot of activity in the blogosphere about the new changes, but nothing official yet. And so far, no announcements of further delays in the effective date, currently set for March 1, 2010. We will report as soon as we hear more information.