We've updated Mass. Law About Identity Theft to include a new regulation, 201 CMR 17, and new Executive Order #504.
The regulation, which takes effect Jan. 1, 2009, requires those who keep personal information about individuals to meet certain minimum security standards for both paper and electronic records. One provision, for example, requires all personal data on laptops or other portable devices to be encrypted. The executive order requires state agencies to take similar security precautions.