With the recent creation of a special Senate committee on cyber security the Massachusetts legislature committed to assessing the current state of information security. This article reviews current laws, the committee's role and possible future rules.
Existing Regulations Related to Cyber Security
Massachusetts data privacy regulations, 201 CMR 17.00 et sequence, effective March 2010, are considered some of the most comprehensive of the state data security laws. The regulations require every person or entity both inside and outside of the state who have Massachusetts residents' personal information to:
- Develop comprehensive written policies outlining its information security measures;
- Maintain extensive computer system security requirements;
- Encrypt all records transmitted over wireless networks or stored on portable devices;
- Require third-party service providers to maintain compliant security measures;
- Train employees on compliance; and
- At least annually monitor and review security measures.
Creation of Special Senate Committee
In summer 2017, the Special Senate Committee on Cyber Security Readiness was created to "review and make recommendations for the state to improve its cyber security readiness, enhance technological responses to homeland security and public safety threats and further protect financial, medical and other sensitive information." These recommendations are due to the Senate by March 30, 2018.
The formation of the committee demonstrates the state's recognition of the threat posed by online storage of sensitive materials that can be targeted by cyber criminals and the potential for human and economic damages.
Possible Future Rules: Pending Legislation
Several proposed regulations and legislation which are pending review by the legislature:
- H.B. 2668 provides procurement preference to vendors that carry cybersecurity insurance.
- H.B. 2813 relates to the security of personal financial information.
- H.B. 2814 amends certain statutes pertaining to data security breaches and calls for an investigation by a special commission on cybersecurity to assess the various threats across the Commonwealth.
- H.B. 3365 establishes a task force to study the need for increased cyber security within government agencies.
- S.B. 149 relates to the security of personal financial information.
- S.B. 2076 makes appropriations for the Fiscal Year 2018, including an initiative to promote and expand the cyber security sector in the state.
We at TBG, are experts in direct lobbying with local, state, and federal officials. If you would like to discuss cyber-security issues or anything else please reach out to us here for a complimentary Consultation. Also To learn about our other areas of expertise, our accomplishments, and our team, please visit us at The Brennan Group.