On October 24, 2008, the Massachusetts Office of Consumer Affairs and Business Regulation published guidance on how companies can formulate a comprehensive written information security program required by the state’s recently-issued data security regulation. In addition, the Office released a compliance checklist and a list of Frequently Asked Questions regarding the regulation. All three materials can serve as useful tools for businesses as they evaluate and update their current data security policies to ensure compliance with the new regulation (including its new encryption requirement of personal information).

The Client Advisory below, prepared by the Information Security and Privacy Practice Group, provides an analysis of these materials to assist businesses.

Massachusetts Releases Business Guidance on Compliance with the State’s New Data Security Regulation