Comments on: Massachusetts Amends Its Strict Data Privacy Law (Yet, Again) http://www.compliancebuilding.com/2009/11/05/massachusetts-amends-its-strict-data-privacy-law-yet-again/ Doug Cornelius on compliance and business ethics for private equity real estate Mon, 13 Feb 2012 12:56:20 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Data Accountability and Trust Act Passed by House | Compliance Building http://www.compliancebuilding.com/2009/11/05/massachusetts-amends-its-strict-data-privacy-law-yet-again/comment-page-1/#comment-11875 Data Accountability and Trust Act Passed by House | Compliance Building Fri, 17 Dec 2010 12:54:49 +0000 http://www.compliancebuilding.com/?p=4834#comment-11875 [...] This bill would preempt any state laws in the area, wiping out the Massachusetts Data Privacy Law [Massachusetts Amends Its Strict Data Privacy Law (Yet, Again)]. [...] [...] This bill would preempt any state laws in the area, wiping out the Massachusetts Data Privacy Law [Massachusetts Amends Its Strict Data Privacy Law (Yet, Again)]. [...]

]]> By: National Data Privacy Laws Move Forward | Compliance Building http://www.compliancebuilding.com/2009/11/05/massachusetts-amends-its-strict-data-privacy-law-yet-again/comment-page-1/#comment-10601 National Data Privacy Laws Move Forward | Compliance Building Mon, 29 Nov 2010 18:32:25 +0000 http://www.compliancebuilding.com/?p=4834#comment-10601 [...] last week’s further revisions to the Massachusetts Data Privacy Law [Massachusetts Amends Its Strict Data Privacy Law (Yet, Again)], people are wondering if the federal government is going to step into the space and create a [...] [...] last week’s further revisions to the Massachusetts Data Privacy Law [Massachusetts Amends Its Strict Data Privacy Law (Yet, Again)], people are wondering if the federal government is going to step into the space and create a [...]

]]> By: Stacy http://www.compliancebuilding.com/2009/11/05/massachusetts-amends-its-strict-data-privacy-law-yet-again/comment-page-1/#comment-5228 Stacy Tue, 23 Mar 2010 20:27:10 +0000 http://www.compliancebuilding.com/?p=4834#comment-5228 Hi. Just wondering if this law went into effect on March 1, 2010 or if it was extended again. Thanks. Hi. Just wondering if this law went into effect on March 1, 2010 or if it was extended again.

Thanks.

]]> By: Doug Cornelius http://www.compliancebuilding.com/2009/11/05/massachusetts-amends-its-strict-data-privacy-law-yet-again/comment-page-1/#comment-4713 Doug Cornelius Thu, 18 Feb 2010 17:09:25 +0000 http://www.compliancebuilding.com/?p=4834#comment-4713 We are starting to see a patchwork of state laws. So far, not seem incompatible. Since Mass. is the most detailed and the strictest most companies seem to be treating it as the standard. Other states with data privacy laws include: Nevada: http://www.compliancebuilding.com/2008/10/29/nevada-law-on-privacy-of-personal-information/ New Hampshire: http://www.compliancebuilding.com/2010/01/15/compliance-bits-and-pieces-for-january-15/ New York: http://www.compliancebuilding.com/2008/12/10/six-states-now-require-social-security-nu/ New Mexico: http://www.compliancebuilding.com/2008/12/10/six-states-now-require-social-security-nu/ Michigan: http://www.compliancebuilding.com/2008/12/10/six-states-now-require-social-security-nu/ Texas: http://www.compliancebuilding.com/2008/12/10/six-states-now-require-social-security-nu/ We are starting to see a patchwork of state laws. So far, not seem incompatible. Since Mass. is the most detailed and the strictest most companies seem to be treating it as the standard.

Other states with data privacy laws include:

Nevada: http://www.compliancebuilding.com/2008/10/29/nevada-law-on-privacy-of-personal-information/
New Hampshire: http://www.compliancebuilding.com/2010/01/15/compliance-bits-and-pieces-for-january-15/
New York: http://www.compliancebuilding.com/2008/12/10/six-states-now-require-social-security-nu/
New Mexico: http://www.compliancebuilding.com/2008/12/10/six-states-now-require-social-security-nu/
Michigan: http://www.compliancebuilding.com/2008/12/10/six-states-now-require-social-security-nu/
Texas: http://www.compliancebuilding.com/2008/12/10/six-states-now-require-social-security-nu/

]]> By: Anonymous http://www.compliancebuilding.com/2009/11/05/massachusetts-amends-its-strict-data-privacy-law-yet-again/comment-page-1/#comment-4691 Anonymous Tue, 16 Feb 2010 18:51:36 +0000 http://www.compliancebuilding.com/?p=4834#comment-4691 Are other states following MA's lead? If so, how do I find out which states? Are other states following MA’s lead? If so, how do I find out which states?

]]> By: Massachusetts Amends Strict Data Privacy Law (Again) | Compliance Building http://www.compliancebuilding.com/2009/11/05/massachusetts-amends-its-strict-data-privacy-law-yet-again/comment-page-1/#comment-4514 Massachusetts Amends Strict Data Privacy Law (Again) | Compliance Building Wed, 03 Feb 2010 21:01:24 +0000 http://www.compliancebuilding.com/?p=4834#comment-4514 [...] UPDATE: Another revision was published on November 5, 2009. See: Massachusetts Amends Its Strict Data Privacy Law (Yet, Again) [...] [...] UPDATE: Another revision was published on November 5, 2009. See: Massachusetts Amends Its Strict Data Privacy Law (Yet, Again) [...]

]]> By: JParent http://www.compliancebuilding.com/2009/11/05/massachusetts-amends-its-strict-data-privacy-law-yet-again/comment-page-1/#comment-3634 JParent Fri, 18 Dec 2009 15:51:43 +0000 http://www.compliancebuilding.com/?p=4834#comment-3634 Thank you. Thank you.

]]> By: Doug Cornelius http://www.compliancebuilding.com/2009/11/05/massachusetts-amends-its-strict-data-privacy-law-yet-again/comment-page-1/#comment-3633 Doug Cornelius Fri, 18 Dec 2009 15:46:43 +0000 http://www.compliancebuilding.com/?p=4834#comment-3633 Absolutely! If you have a Massachusetts client's name and their social security number, then you are subject to this law. If you get a W-9 or tax filings or other filings through email and those filings have a Massachusetts client's name and their social security number, then that means your laptop and blackberry need to be encrypted. Your document systems need to be secure and you need proper protocols in place. Absolutely!

If you have a Massachusetts client’s name and their social security number, then you are subject to this law. If you get a W-9 or tax filings or other filings through email and those filings have a Massachusetts client’s name and their social security number, then that means your laptop and blackberry need to be encrypted. Your document systems need to be secure and you need proper protocols in place.

]]> By: JParent http://www.compliancebuilding.com/2009/11/05/massachusetts-amends-its-strict-data-privacy-law-yet-again/comment-page-1/#comment-3632 JParent Fri, 18 Dec 2009 15:34:26 +0000 http://www.compliancebuilding.com/?p=4834#comment-3632 Does it apply to law firms? Does it apply to law firms?

]]> By: Doug Cornelius http://www.compliancebuilding.com/2009/11/05/massachusetts-amends-its-strict-data-privacy-law-yet-again/comment-page-1/#comment-3293 Doug Cornelius Mon, 07 Dec 2009 19:02:26 +0000 http://www.compliancebuilding.com/?p=4834#comment-3293 The definition of "personal information" is the key to your question. Facebook clearly collects lots of personal information, but not the "Personal Information" defined under Massachusetts law: Personal information, a Massachusetts resident's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account; provided, however, that “Personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public. Since Facebook does not collect SSNs or financial account info, I don't think the kind of breach you mention is covered under the law. The definition of “personal information” is the key to your question. Facebook clearly collects lots of personal information, but not the “Personal Information” defined under Massachusetts law:

Personal information, a Massachusetts resident’s first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) driver’s license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account; provided, however, that “Personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.

Since Facebook does not collect SSNs or financial account info, I don’t think the kind of breach you mention is covered under the law.

]]>