Funds & Advisers
Feb. 17, 2010 -- The March 1, 2010 deadline for compliance with the Massachusetts Data Privacy Standards (“Standards”) is rapidly approaching.
The Standards apply to persons, corporations, associations, partnerships or other legal entities that have personally identifiable information (“PII”) of residents of Massachusetts (customers or employees), regardless of whether the company has a place of business or staff located in the state of Massachusetts. Under the Massachusetts Standards, PII includes such information as social security numbers, driver’s license or state identification card numbers, credit and debit card numbers or financial account numbers (i.e., checking or savings accounts, annuities, any kind of investment account, and credit or debit accounts). Mutual funds, private funds and advisers may retain this type of information on behalf of clients, investors and/or shareholders.
The Standards require that organizations with PII develop, implement and maintain a comprehensive written program that contains administrative, technical and physical safeguards to be followed using a risk-based approach appropriate to the size, scope and type of business; the resources available; the amount of stored data; and the need for security and confidentiality surrounding both customer and employee information. The safeguards must be consistent with those set forth by any state or federal regulations by which the person may be regulated. The risk-based approach closely follows the SEC’s proposed amendments to Regulation S-P and the FTC’s Safeguards Rule.
The Massachusetts government website contains various documents to assist businesses in establishing their programs, including Frequently Asked Questions (“FAQ”); a Small Business Guide for Formulating a Comprehensive Written Information Security Program; a Compliance Checklist; and the Final Standards.
If you would like assistance in determining if your firm is impacted by this new requirement or with the implementation of the requirements of these new Standards, please contact us.