Massachusetts has set the gold standard when it comes to privacy regulations. Its new regulation, 201 CMR 17, is entitled Standards for The Protection of Personal Information of Residents of the Commonwealth. The regulation applies to “all persons that own, license, store or maintain personal information about a resident of the Commonwealth”.
Essentially, the regulations apply to any company that employs residents of Massachusetts and any CPA firm that prepares returns for Massachusetts residents. The requirements of the regulation are comprehensive and will require organizations to devote significant amounts of time, money and energy to ensure compliance.
If the new regulations apply to your firm, you must review the regulation, determine how it impacts your organization, and implement the technologies required to ensure compliance. The regulations require that you develop and maintain a comprehensive written information security plan. In addition, you may need to implement technologies including secure client communications, drive encryption, an “up-to-date firewall”, virus protection and “secure user authentication protocols”.
The effective date for the new regulations is January 1, 2010.