Massachusetts recently responded to an outcry from the business community regarding the new privacy regulations promulgated by the Office of Consumer Affairs. An earlier blog entry summarized the new requirements. Here are the new deadlines:
The Office of Consumer Affairs and Business Regulation (OCABR) has extended its January 1, 2009 deadline for compliance with the newly promulgated Massachusetts privacy regulations. According to OCABR, the extension of time will assist businesses in implementing the required measures during this economically uncertain time.
The new standards deadlines are:
- May 1, 2009 for general compliance. This has been changed from the original deadline of January 1, 2009.
- May 1, 2009 for ensuring that third-party service providers are capable of providing safeguards for personal information and for executing contracts with third-party providers to provide such safeguards. This has been changed from the original deadline of January 1, 2009.
- May 1, 2009 for encryption of company laptops. This date has changed from January 1, 2009.
- January 1, 2010 to receive written certification from third-party service providers that they have complied with the new Massachusetts privacy regulations. This will assist businesses in educating their third-party service providers, many of whom may be located outside of Massachusetts, or in replacing non-compliant third-party service providers as required by the regulations. This date has been changed from January 1, 2009.
- January 1, 2010 for the encryption of all other portable devices, aside from laptops, such as memory sticks and PDAs. This has been changed from January 1, 2009.
Most Museums in Massachusetts and even Museums outside of Massachusetts will need to comply with the regulations. Any Museum that collects the personal information of a Massachusetts resident is subject to the regulations. “Personal Information” refers to a Massachusetts resident’s first name and last name or first initial and last name in combination with any one or more of the following: (a) Social Security Number; (b) driver’s license number or state issued identification card number; or (c) financial account number, or credit card or debit card number. If you collect any of this information in the course of accepting memberships, accepting donations or from sales in your retail shop or online store, you must comply.