Identity Theft Regulation Implementation Delayed

The Office of Consumer Affairs and Business Regulation announced Friday that the effective date of  201 CMR 17 would be delayed. The implementation of the regulations designed to protect individuals' privacy was delayed "to provide flexibility to businesses that may be experiencing financial challenges brought on by national and international economic conditions." 

New deadlines:

• "The general compliance deadline for 201 CMR 17.00 has been extended from January 1, 2009 to May 1, 2009.
  
• The deadline for ensuring that third-party service providers are capable of protecting personal information and contractually binding them to do so will be extended from January 1, 2009 to May 1, 2009, and the deadline for requiring written certification from third-party providers will be further extended to January 1, 2010. 
  
• The deadline for ensuring encryption of laptops will be extended from January 1, 2009 to May 1, 2009, and the deadline for ensuring encryption of other portable devices will be further extended to January 1, 2010."