Compliance | MA 201 CMR 17.00

Government Contractors, Suppliers, Manufacturers

Whether or not your business is based in Massachusetts, if you handle personal information of Massachusetts residents, you must comply with MA 201 CMR 17.00.

MA 201 CMR 17.00 is the minimum standard designed to protect Massachusetts residents against breached confidentiality, exposure, or unauthorized access to personal information. If you are an employer of Massachusetts residents, this applies to you.

A major component of compliance with CMR 17.00 is the development of a Written Information Security Plan (WISP). This document outlines the steps your company takes to protect sensitive personal information and establishes a process for reporting data breaches.

In the unfortunate event your company experiences a data breach, there are automatic fines if you don’t have a WISP in place.

For more information on what to do and how, contact us.

Contact Us

We'd love to hear from you. Send us an email and we'll get back to you ASAP.