
IT Consultants' Insight on Business Technology | NSK Inc.


Massachusetts Claims Its First Victim to 201 CMR 17

Data Security

Massachusetts' new regulation 201CMR17.00 has claimed its first victim: The Briar Group.

Final Version of MGL 93H 201 CMR 17.00 Filed



On October 29th, 2009, OCABR (the Massachusetts Office of Consumer Affairs and Business Regulation) filed the "Final" version of the "Standards for the Protection of Personal Information", also known as MGL 93H 201 CMR 17.00, with the Secretary of State's office. The regulations were first issued in September of 2008, and after more than a year of amendments to the original regulations this is the final step before the regulation takes effect on March 1, 2010. The final regulations include some clarifications beyond the amendment that was released in August of this year, but are substantially similar.

Frequently Asked Questions Regarding MGL 93H 201 CMR 17.00


What are the differences between this new version (August 17, 2009) of 201 CMR 17.00 and the version issued in February of 2009?

There are some important differences in the two versions:

Small-Business Considerations Reflected in Massachusetts’ Revised ID Theft Regulations

Small Business Data Security

Below is the copy of the Release from the Commonwealth of Massachusetts Office of Consumer Affairs & Business Regulation (OCABR).


Red Line Changes to 201CMR17.00 as of August 17, 2009

Data Security 201CMR17



Your Timeline for Compliance with MGL 93H 201CMR17.00

201CMR17.00 Compliance

Compliance for 201 CMR 17.00 is going to take a little time... We have written out a Guideline for your Timeline!


Massachusetts Businesses: Are You In Compliance?




NSK Offers MPICA for Compliance with MA Law

MPICA (Massachusetts Personal Information Compliance Assessment) is an IT support service that NSK Inc is offering to businesses that need to comply with Massachusetts General Law Chapter 93H and its new regulations, 201 CMR 17.00. The law requires that any company that owns, licenses, stores, and/or maintains personal information about a Massachusetts resident make adjustments to further protect that information. Both electronic and paper records will need to comply with the new law. The regulations go into effect on January 1, 2010. The law was originally supposed to go into effect on January 1, 2009, but was pushed to May 1 and then to January 1, 2010 due to the state of the economy, time constraints, and confusion about the law.

MPICA offers IT help to companies that are having difficulty changing their systems to adjust to this law. Identity theft and fraud are the major concerns at the core of the implementation of 201 CMR 17.00, so it is important that the necessary changes are made within business IT systems. If a Massachusetts resident's information is leaked or captured, there could be serious consequences for the business that allowed the breach and for the individual whose information was leaked. Therefore, making changes to keep residents' information secure will be required to avoid security breaches and fines.

Companies will need a written security plan to safeguard their contacts' and/or employees' personal information. It will need to set out policies that demonstrate technical, physical, and administrative protection for residents' information. The plan needs to be written to meet industry standards. Companies will have to designate employees to oversee and manage security procedures in the workplace, as well as continuously monitor and address security hazards. Policies addressing employee access to and transportation of personal information will need to be developed, as well as disciplinary measures for employees who do not conform to the new regulations. Limiting the collection of data to the minimum needed for the purpose for which it will be used is also part of the new regulations.

Since revisiting workplace data security procedures requires in-depth changes, this is a lengthy process. It takes months for businesses to make the changes required by this law, so businesses might consider contacting an IT consulting firm early and seeking its IT support.

Written by Melissa Cocks
