Final Amendments to Massachusetts Data Security Regulations to Be Announced Shortly

Friday was a busy day for identity theft and data security regulations.  Not long after the Federal Trade Commission announced it was extending the enforcement deadline for the Red Flags Rule for the fourth time, word came from BNA's Privacy & Security Law Report that the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) had filed with the Massachusetts Secretary of State its final amendments to 201 CMR 17.00, the state's data security regulations.  BNA reported that OCABR plans to make the amendments public sometime this week.  BNA further reported that there are no major changes, but that there will be some clarification with respect to contracts between persons who own or license personal information and third-party service providers (201 CMR17.03(2)(f)(2)).  You can check out Dave's post on the last round of significant revisions to the regulations in August, complete with redline.  We have seen a lot of activity in the blogosphere about the new changes, but nothing official yet.  And so far, no announcements of further delays in the effective date, currently set for March 1, 2010.  We will report as soon as we hear more information.