The widely-reported 2007 data breach at TJX, a Framingham, Massachusetts-based retailer, along with other smaller breaches—and the resulting possibility of identity theft—spurred lawmakers to protect residents from considerable inconvenience and financial harm.
Massachusetts took the lead in passing a new regulation that requires companies to implement a comprehensive data security plan that includes encryption. 201 CMR 17.00 implements the provisions of Chap. 93H, an earlier data breach notification regulation.
The regulation took effect on March 1, 2010. Is your organization prepared for 201 CMR 17.00?