The firm's Information Security and Privacy practice group
has prepared a Client Advisory describing the guidelines of
the new Massachusetts Data Security Requirements, which will
take effect in January of 2009.
Under the requirements, any person that owns, licenses,
stores, or maintains certain sensitive "personal information"
about a Massachusetts resident must develop, implement,
maintain, and monitor a comprehensive, written information
security program applicable to records containing such
personal information. Violation of these guidelines could
result in up to a $5,000 fine per offense, as well as the
costs of the investigation and attorneys' fees.