Complying with Massachusetts Data Protection Regulations


The current deadline for complying with the Massachusetts Data Privacy Law is January 1, 2010. Since the law protects personal data of the citizens of the Commonwealth of Massachusetts, its reach extends well beyond the state borders. TechTarget  recently held a  seminar on 201 CMR 17.

It is tough law to deal with. Even its creators are unsure about what it actually says. At the Compliance Decisions conference, a presenter from the state government overstated the requirements of the law: No easy answers for complying with data protection regulations.

Based on some coverage of the seminar, some interesting items came out.

When it comes to wireless standards: “You have to look at what is considered industry back practices. Specific to a wireless control, don’t go out and look at WEP. Don’t go out and look at WPA. Both of those protocols have been breached. You’ve got to go to WPA2.”

When it comes to compliance and enforcement: “It is true that the attorney general is going to decide what is in compliance or not.”