As we recently reported to you in our February 2009 Client Update, the Office of Consumer Affairs and Business Regulations issued regulations, which were to be effective May 1, 2009, requiring that every business develop comprehensive written procedures and policies to ensure that personal information of Massachusetts residents is protected. The OCABR recently postponed the effective date of the controversial Massachusetts data security regulations to January 1, 2010.

In addition to postponing the effective date, the regulations have been further revised in an effort to ease the burden on employers. Specifically,the encryption requirements have been scaled back and employers are no longer required to obtain compliance certification from third-party vendors. Both of these changes should ease the burdens on employers in implementing these regulations.



If you have any questions regarding these changes or the implementation of data security changes, please contact a member of our Employment Law Practice.

Return to Resources