The firm’s Information Security and Privacy practice group has prepared a Client Advisory describing the guidelines of the new Massachusetts Data Security Requirements, which will take effect in January of 2009.

Under the requirements, any person that owns, licenses, stores, or maintains certain sensitive “personal information” about a Massachusetts resident must develop, implement, maintain, and monitor a comprehensive, written information security program applicable to records containing such personal information. Violation of these guidelines could result in up to a $5,000 fine per offense, as well as the costs of the investigation and attorneys’ fees.