Massachusetts gets new data security regulations

2009-08-24

Changes have been made to Massachusetts' identity theft regulations, with the updated rules to come into force in March next year.

The regulations, which were announced by Massachusetts undersecretary of the Office of Consumer Affairs and Business Regulation Barbara Anthony, stipulate that businesses' approach to data security is a risk-based one.

This approach means that firms should take the size and nature of their business into account when drawing up a written security program, as well as the types of records they keep and the risk of identity theft posed by their operations.

"These updated regulations feature a fair balance between consumer protections and business realities," commented Ms Anthony.

"We understand there were issues regarding the impact these regulations have on those companies," she added.

One business that recently reported a data breach was Radisson Hotels & Resorts.

It revealed computer systems at a number of hotels across Canada and the US containing customer data were accessed without authorisation.

Read more security news.