The Commonwealth of Massachusetts has enacted a law to protect personal information and data. This law went into effect on March 1, 2010.
The law applies to any record, whether electronic or paper, containing personal information about an individual. It requires the College to establish, maintain, and monitor a comprehensive, written security program that meets specific Commonwealth standards. The law defines “personal information or data” as:
- Social Security numbers,
- Credit or debit card numbers,
- Driver’s license numbers
- State-issued identification card numbers, and
- Other personal financial account numbers.
In addition to the Massachusetts law, the College must continue, of course, to protect other personal data in its possession under federal laws and regulations, including the Family Education Rights and Privacy Act, the Health Insurance Portability and Accountability Act, the Electronic Communications Privacy Act, and specific Federal Rules of Civil Procedure. Important to keep in mind with all of these laws and regulations is that the College remains responsible for the data it collects and manages even when it contracts with a third party to assist or provide services with this information in some fashion.
For detailed information, please consult the items linked below.