New Massachusetts Data Security Law and Regulations - Comprehensive Information Security Plan required before March 1, 2010


As many of you are aware, The Commonwealth of Massachusetts has adopted a new data security law, and regulations thereunder (the "Regulations"), intended to protect its residents from identity theft. While the new law primarily addresses the required response by a company which is subject to an identity theft (prompted by the TJX data breach), the Regulations also set forth measures that businesses, including investment advisers and private fund managers, located in Massachusetts or elsewhere must take to safeguard the personal information of Massachusetts residents. Such measures include the adoption of a comprehensive information security program. While many other states have adopted information security regulations, the requirements set forth in the Regulations have been recognized as some of the most detailed and comprehensive requirements in the country. Final regulations were filed by the Massachusetts Office of Consumer Affairs and Business ("OCABR") on November 4, 2009 and the Regulations principally become effective on March 1, 2010. A full text of the Regulations may be found at the Massachusetts OCABR's website. This memorandum is intended to inform investment advisers and private fund managers of how the Regulations will impact them and what they need to do to comply.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Foley Hoag LLP | Attorney Advertising

Written by:


Foley Hoag LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.