"

Estimated reading time: 2 minutes, 18 seconds

Massachusetts Extends Compliance Deadline

Monday, Aug 24 2009
Running a Firm
Written by 

In 2008, the Massachusetts Office of Consumer Affairs and Business Regulation introduced 201 CMR 17.00 which has become the gold standard of data protection laws.

“This regulation implements the provisions of M.G.L. c. 93H relative to the standards to be met by persons who own or license personal information about a resident of the Commonwealth of Massachusetts. This regulation establishes minimum standards to be met in connection with the safeguarding of personal information contained in both paper and electronic records.”Mass Seal

 


In other words, the regulation applies to every CPA firm that has an individual client or an employee that resides in Massachusetts. The original deadline for compliance was January 1, 2009.  This deadline was first extended until May 1, 2009 and was later extended until January 1, 2010.

 

Well, guess what? It has been extended yet again! On August 17, 2009, the Governor, Lieutenant Governor and Undersecretary issued a statement entitled Small-Business Considerations Reflected in Massachusetts’ Revised ID Theft Regulations. Included in the statement was the following:

 

“The updated regulations will take effect March 1, 2010. The regulations make clear that their approach to data security is a risk-based approach that is especially important to small businesses that may not handle a lot of personal information about customers. Under a risk-based approach, a business, in developing a written security program, should take into account its size, nature of its business, the kinds of records it maintains, and the risk of identity theft posed by its operations.”

The extension will help most businesses within the Commonwealth. However, I don’t think it will help many CPA firms. Tax season is not the time you want to worry about the complexities of this regulation. Long before winter hits, firms should review the regulation, determine how they impact the organization, and implement the technologies required to ensure compliance with the regulation.
If you have any questions about this new regulation or need help at your firm, please contact Barry MacQuarrie, CPA, at This email address is being protected from spambots. You need JavaScript enabled to view it..

Read 5757 times
Rate this item
(0 votes)
More in this category: « Why Your Clients Need an Annual Financial Check-Up Every CPA Firm Needs a BCP and DRP »
Barry MacQuarrie CPA.CITP

Latest from Barry MacQuarrie CPA.CITP

Visit other PMG Sites:
Template Settings
Theme

Color

For each color, the params below will give default values
Tomato Green Blue Cyan Dark_Red Dark_Blue

Body

Background Color
Link Color
Text Color

Header

Background Color
Background Image
pattern1 pattern2 pattern3 pattern4 pattern5

Footer

Background Color
Background Image
pattern1 pattern2 pattern3 pattern4 pattern5
Layout
Select layout
Menu
Select menu
Typography
Google Font
Body Font-size
Body Font-family
Direction
Reset
PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.
Ok Decline