Coviant Software

Massachusetts Privacy Law (201 CMR 17)

In September 2008, Massachusetts enacted a sweeping new privacy law to protect the personal information of Massachusetts residents. The law went into effect on March 1, 2010. If you do business with residents of Massachusetts or have employees who reside in Massachusetts, you must comply.


What are the key requirements?

The Massachusetts law is the first in the nation to require specific technology when protecting personal information. Both “data at rest” and “data in transit” over a public network, such as the Internet, that contain personal information must be encrypted.

Personal information is defined as a Massachusetts resident’s name in combination with one of the following – with or without a security code, access code, PIN, or password that would permit access to a resident’s financial account:

  • Social Security number
  • Driver’s license number or state-issued identification card number
  • Financial account number or credit/debit card number


What organizations are impacted?

This new legislation affects all organizations that own or license personal information of Massachusetts residents – regardless of the size or location of the business. Organizations must also require third-party service providers with access to personal information to comply with the new law, and must oversee that compliance. Organizations affected include:

  • Businesses that track customers by account numbers (such as healthcare institutions and related vendors)
  • Retailers that accept credit cards for purchases by Massachusetts customers
  • Financial institutions (such as banks, insurers, or brokerages) with customers residing in Massachusetts
  • Companies with branch offices located in Massachusetts


What should you do next?

Read the press release from the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) which provides a summary of the law that went into effect on March 1, 2010.

Download a complete copy of the Massachusetts Privacy Law to assess the impact on your organization.

If you are a small business, review the small business checklist published by the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR).


How can we help?

Coviant Software offers a suite of managed file transfer products that encrypt your data before, during, and after transit. Click below to start a free trial of Basic Edition, Standard Edition, or Enterprise Edition now. Or, contact us at 210-985-0985 for more information or to request a quote.
