Well, guess what? It has been extended yet again! On August 17, 2009, the Governor, Lieutenant Governor and Undersecretary issued a statement entitled Small-Business Considerations Reflected in Massachusetts’ Revised ID Theft Regulations. Included in the statement was the following:
“The updated regulations will take effect March 1, 2010. The regulations make clear that their approach to data security is a risk-based approach that is especially important to small businesses that may not handle a lot of personal information about customers. Under a risk-based approach, a business, in developing a written security program, should take into account its size, nature of its business, the kinds of records it maintains, and the risk of identity theft posed by its operations.”
The extension will help most businesses within the Commonwealth. However, I don’t think it will help many CPA firms. Tax season is not the time you want to worry about the complexities of this regulation. Long before winter hits, firms should review the regulation, determine how they impact the organization, and implement the technologies required to ensure compliance with the regulation.
If you have any questions about this new regulation or need help at your firm, please contact Barry MacQuarrie, CPA, at This email address is being protected from spambots. You need JavaScript enabled to view it..