Written by Cynthia and Elissa
An oft-cited criticism of the Massachusetts data security regulations (201 CMR 17.00), effective March 1, 2010, is that the regulations specifically do not apply to government entities -- the only reason being that the Office of Consumer Affairs and Business Regulation does not have the authority or jurisdiction to enact regulations over governmental entities in Massachusetts.
One agency is seeking to correct that. The Massachusetts Office of the Attorney General has released draft privacy regulations to apply to the AG’s office, effective December 31, 2009. The regulations mirror the obligations imposed upon private business by 201 CMR 17.00.
This post would not be complete if we did not also take note of the fact that Attorney General Martha Coakley is a candidate for the U.S. Senate seat left vacant by the death of Senator Edward Kennedy.