As many of you are aware, The Commonwealth of Massachusetts has adopted a new data security law, and regulations thereunder (the "Regulations"), intended to protect its residents from identity theft. While the new law primarily addresses the required response by a company which is subject to an identity theft (prompted by the TJX data breach), the Regulations also set forth measures that businesses, including investment advisers and private fund managers, located in Massachusetts or elsewhere must take to safeguard the personal information of Massachusetts residents. Such measures include the adoption of a comprehensive information security program. While many other states have adopted information security regulations, the requirements set forth in the Regulations have been recognized as some of the most detailed and comprehensive requirements in the country. Final regulations were filed by the Massachusetts Office of Consumer Affairs and Business ("OCABR") on November 4, 2009 and the Regulations principally become effective on March 1, 2010. A full text of the Regulations may be found at the Massachusetts OCABR's website. This memorandum is intended to inform investment advisers and private fund managers of how the Regulations will impact them and what they need to do to comply.
Please see full publication below for more information.