by Senior Editor

The Mass. 201 CMR 17 Survival Guide

Nov 18, 2009 | 2 mins
Compliance, Data and Information Security, Government

As companies scramble to meet the requirements of the Bay State's data security law, offers this collection of articles and podcasts to help IT security practitioners and compliance officers find the best approach.

Ask IT security practitioners what their greatest compliance concern is these days and most will mention Mass 201 CMR 17.

It is one of many state laws companies must heed, on top of such industry standards as PCI DSS and federal laws like HIPAA and Sarbanes-Oxley. has been covering the challenges of Mass. 201 CMR 17 extensively, and has assembled this collection of articles and audio content to help companies plot their course. We hope you find it helpful.


Mass 201 CMR 17: A Survival Guide for the Anxious

Security experts offer tips for navigating Mass 201 CMR 17. Will your business be ready?

Why Mass. 201 CMR 17 Deadline Was Extended

Companies that live or do business in Massachusetts have a few extra months to meet compliance deadlines for the state’s tough 201 CMR 17 data protection law. The simple reason: Too few understand the law to meet the original deadlines.

Mass. 201 CMR 17: The Darkness and the Light

Some security experts say Massachusetts’ new data protection law (Mass. 201 CMR 17) is among the toughest they’ve seen. Three IT security practitioners who must deal with the law opine on whether it’s too harsh or not tough enough.

Mass. Data Protection Law Amended, Deadline Extended (Again)

Extension gives businesses until next year to comply with tough data privacy rules

CSO Disclosure Series | The Dos and Don’ts of Disclosure Letters

One security breach, two letters, 11 lessons in the art of telling customers you screwed up. Two PR pros deconstruct the messages that and USAJOBS were really giving to customers whose personal information had been disclosed. Part of an in-depth series about disclosing breaches.