201 CMR 17 is a regulation that governs any person or company that owns or licenses personal information about a resident of the Commonwealth of Massachusetts, and establishes minimum standards for safeguarding this information, including a written and regularly audited plan. 201 CMR 17 was enacted to ensure that customer information is kept secure and confidential. Companies managing this information must demonstrate the technical, physical, and administrative methods they use to protect it from anticipated threats and hazards. This includes protecting against unauthorized access to and use of a consumer's information that could cause them harm or significant inconvenience. 201 CMR 17 also requires companies to identify employees who will oversee and monitor these security protections on an ongoing basis.
When did 201 CMR 17 go into effect?
Massachusetts General Law Chapter 93H enacted its regulation 201 CMR 17 on March 1, 2010. It establishes minimum standards for safeguarding personal information, including a written and regularly audited plan.
To see how your organization can strive to be more 201 CMR 17 compliant, read about Rsam's Compliance Management Software solutions.