Disclaimer: Information on this page is our (Disc Interchange Service Company) interpretation of this law and may not be correct or agree with the Massachusetts Attorney General.
Last update: February 19, 2011
Massachusetts has implemented a new Data Security Law, 201 CMR 17.00, which went into effect on March 1, 2010. It is intended to protect the citizens of Massachusetts from identity theft. It addresses the safeguarding of "Personal Information" for all Massachusetts citizens.
Although the law does not directly affect the services we can perform, it does prohibit shipping some types of tapes via common carrier (UPS, FedEx, USPS) if they contain "Personal Information" on any Massachusetts residents, and the data is not encrypted. "Personal Information" is defined as a person's name, in combination with their Social Security number, driver's license number, credit card number, or financial account number. Please note that this only applies for Massachusetts citizens, not residents of other states.
In brief, the law prohibits shipping computer media containing "Personal Information" on Massachusetts citizens unless it is encrypted, sent via secure courier, or is on an exempt tape or disk.
Here is how the law applies:
This is a Massachusetts law, and only applies to "Personal Information" on Massachusetts residents. According to the State of Massachusetts, the law applies to any business who "owns or licenses Personal Information on any Massachusetts resident", regardless of their location (inside or outside of Massachusetts).
The following summarizes how this law has affected our various services:
Many of our customers are confused by this law, and we have found it difficult to interpret which tapes are exempt. We have written extensively about this on our Massachusetts Data Security Law page.
Disc Interchange Service Company, Inc.
15 Stony Brook Road
Westford, MA 01886