It doesn’t matter where the company is located, the Massachusetts requirements apply. Personal information that is subject to the mandatory protection requirements are first and last names (or initial) with any one or more of the following: Social Security number, driver’s license number, financial account number, or credit or debit card number, with or without passwords or PIN.
No client will be in compliance without taking affirmative steps, including the adoption of a specific written information security program, and the implementation of encryption and other required safeguards.
Click here to view the official press release extending the January 1, 2009 compliance deadline to May 1, 2009.