201 CMR 17.00

The Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) released the final version of its “Standards for the Protection of Personal Information of Residents of the Commonwealth” (the “Regulation”), which sets standards for how ALL businesses protect and store personal information about Massachusetts residents, whether or not the business itself is based in Massachusetts.  201 CMR 17.00 requires, among other things, that businesses encrypt records containing personal information when they are sent over the Internet or stored on laptops, flash drives, or other portable devices; encrypt personal information transmitted wirelessly; and maintain reasonably up-to-date firewall protection and operating system patches to create “an electronic gatekeeper” between the data and the outside world that only allows authorized users to access or transmit the data.

EVERY company that owns or licenses (including receives, stores, maintains, or processes) Personal Information about a Massachusetts resident must comply with 201 CMR 17.00. “Personal Information” is defined narrowly in the Regulation: a resident’s first name or initial and last name combined with a Social Security number, driver’s license or state ID number, or a financial account or credit/debit card number.


What if I don’t comply?

A civil penalty of up to $5,000 may be levied for each violation of 201 CMR 17.00, which is promulgated under M.G.L. c. 93H. In addition, under the data disposal provisions of M.G.L. c. 93I, businesses can be fined up to $50,000 for each instance of improper disposal of records containing personal information.

How TBG Security Can Help You Achieve Compliance

TBG Security consultants have been helping customers comply with state and federal business and privacy regulations for over fifteen years. Working either as a full-service consultant or as an adjunct to your in-house business and security team, TBG will execute our four-phase compliance readiness process to ensure that your business meets or exceeds its compliance requirements. We are able to assist your organization in meeting these and other information security-related business regulations by, among other things:

  • Creating a comprehensive Written Information Security Program (WISP), as the Regulation requires
  • Performing an audit to determine your organization’s current level of compliance with these business regulations
  • Advising your company on the specific steps needed to achieve compliance
  • Deploying and supporting security infrastructure to automatically encrypt email messages
  • Performing initial setup and training for software that encrypts your company’s laptops and other mobile devices
  • Updating and supporting your primary security infrastructure, including firewalls, VPN access, anti-phishing, and tools to protect against malicious code
  • Identifying vulnerabilities present in your internal systems and recommending remediation

For more information on how TBG Security can help your organization reach compliance, contact our Compliance Practice Manager or call us directly at 877.233.6651 ext 704.