Wednesday, March 24, 2010

Mass Privacy Legislation: Other States too?

Below is Kathleen Zortman's response to my question as to whether VA, MD or DC have laws similar to that which recently went into effect in Massachusetts. Read on!


What does Jimmy do all day? Follow him:

Sent using BlackBerry

From: Kathleen Zortman,
Professional Risk Solutions

As promised, I spoke with our attorneys re: any law or legislation in DC, MD or VA (or other states) that is similar to the new Massachusetts Privacy Legislation. Our quick research indicates the following:

· Virginia, Maryland and District of Columbia have enacted breach notification laws—which require notification to consumers of security breaches involving personal information (e.g. name, ss#, driver’s license #, credit card #, etc.). In fact, they are part of the approx. 45 states that have done so (see PDF list attached). However, according to a March 1, 2010 article by The Compliance Authority, Inc., it appears that only Massachusetts and California have called for access control—i.e. the monitoring operations and encryption of data requirements as set forth in Massachusetts law (20 CMR 17.00).

· Other articles suggest that the Massachusetts law (20 CMR 17.00.) is breaking new ground in data protection requirements, just as the California state data breach notification law <> that was passed in 2003 did for state data breach notification laws. It appears that the Massachusetts government didn't believe that data breach notification alone was sufficient to protect its citizens especially in the midst of the current climate of consumer protectionism. The effect of the Massachusetts law has already been seen though, as other states (such as Michigan) are looking at passing similar tough data protection requirements for their state residents' personal information.

It appears that this is a burgeoning area of the law. Therefore, we will continue to monitor the situation and let you know of any meaningful changes. I hope this information is helpful. Please let me know if you have any further questions.



Kathleen O. Zortman


Professional Risk Solutions

285 Davidson Ave, Suite 101

Somerset, NJ 08873

p. 732.764.1000 x17

m. 908.230.5731


1 comment: