Deadlines for Massachusetts Personal Information Security Standards Further Extended

In September 2008, the Massachusetts Office of Consumer Affairs and Business Regulation (the "OCABR") issued regulations for the protection and storage of personal information of Massachusetts residents. As we wrote in our December alert, these regulations will apply to all businesses that store the "personal information" of Massachusetts residents, regardless of whether a business is located in Massachusetts. The new regulations will have a significant impact on all employers that employ Massachusetts residents, as they will store the personal information of their employees, as well as on bricks and mortar and Internet retailers who collect the credit card information of Massachusetts residents.

The regulations were initially set to take effect on January 1, 2009, but in response to "intervening economic circumstances" and complaints from the business community, the OCABR has for the second time extended the deadlines for compliance. The deadline for compliance with all of the Massachusetts Personal Information Security Regulations is now January 1, 2010.

Look for our future alert in which we will provide an overview of the regulations and recommendations for compliance.