Featured Publications

Financial Institutions: Alert - January 31, 2012

The Dodd-Frank Wall Street Reform and Consumer Protection Act impacted many investment advisers who previously were not registered.

More

Construction: Alert - January 30, 2012

For almost 50 years, lessors have had the ability to limit their liability for liens that arose from improvements to the leasehold made by a lessee. However, in the most recent legislative session, the Florida Legislature enacted revisions to Florida Statute ยง 713.10 that provide a potential pitfall for lessors by inserting a provision that may allow a contractor to lien the lessor's interest even where there is a recorded document advising of the limitation of liens.

More

Search Our Library

Search

  • Print Article
  • Email this page to a friend
  • Print Newsletter / Alert
Intellectual Property and Technology
Alert - February 26, 2010
 
Massachusetts ID Theft Regulation Set to Take Effect on March 1, 2010: Potential Impact on Entities Across the United States
 
 February 26, 2010
 
Maximillian J. Bodoin- Boston
Ieuan Mahony - Boston

On March 1, 2010, the Office of Consumer Affairs and Business Regulation is scheduled to begin enforcing the new Massachusetts identity theft regulation, also known as 201 CMR 17:00 (“Regulation 201”). Regulation 201 establishes standards for the protection of personal information of Massachusetts residents.

What Does Regulation 201 Cover?

Regulation 201 requires individuals, corporations, associations, partnerships and other legal entities (but generally excluding governmental organizations) that possess “personal information” about Massachusetts citizens to develop, implement and maintain a comprehensive written information security program. The scope of Regulation 201 is broad and compliance is triggered based on the records – not the location of the covered entity. For example, a California company would need to comply with Regulation 201 if it held records containing personal information about Massachusetts residents.

Regulation 201 sets out specific measures that covered entities must take to be in compliance. In addition to creating a written program, entities are obligated to:

      • designate personnel with responsibility for the program
      • assess the existing security measures designed to protect records containing personal information of Massachusetts residents and improve measures where foreseeable risks have been identified
      • obtain contractual assurances from third parties that are given relevant records by the covered entity (for example, an outside payroll company)
      • implement physical and electronic security measures to protect the confidentiality and integrity of relevant records including, but not limited to, technical access controls and encryption of electronic records
      • provide employee training
      • regularly review the program and revise it as necessary

Assistance in Developing and Implementing an Information Security Program

To assist covered entities in preparing and implementing an Information Security Program, Holland & Knight has developed a baseline, fixed-fee Regulation 201 compliance package.

Related Practices