SENATE DOCKET, NO. 2025        FILED ON: 1/16/2009

SENATE  .  .  .  .  .  .  .  .  .  .  .  .  .  .  No. 129

The Commonwealth of Massachusetts

_______________

In the Year Two Thousand Nine

_______________

An Act to Improve Data Security..

Be it enacted by the Senate and House of Representatives in General Court assembled, and by the authority of the same, as follows:
 

SECTION 1.  Section 2 of Chapter 93H of the General Laws, as amended by Section 16 of Chapter 82 of the Acts of 2007, is hereby further amended by striking out subsection (a) and inserting in place thereof the following:-

(a) The department of consumer affairs and business regulation shall adopt regulations relative to any person that owns or licenses personal information about a resident of the commonwealth.  Such regulations shall be designed to safeguard the personal information of residents of the commonwealth and shall be consistent with the safeguards for protection of personal information set forth in the federal regulations by which the person is regulated.  The objectives of the regulations shall be to: insure the security and confidentiality of customer information in a manner fully consistent with industry standards; protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer. The department, in developing such regulations, shall take into account the person’s size, scope and type of business, the amount of resources available to such person, the amount of stored data, and the need for security and confidentiality of both consumer and employee information and shall develop not less than two levels of regulation based on these criteria, and further, shall include a process by which a person may seek a permanent or temporary waiver from a regulation due to a demonstrated showing of economic hardship.