G uide to CMR 17.00 Compliance
Standards For The Protection Of Personal Information
Massachusetts sets a strict benchmark for consumer protection, serving as a model for many other states. According to 201 CMR 17.00, any company holding or licensing personal data of Massachusetts residents must promptly inform the Office of Consumer Affairs & Business Regulation, along with the Office of the Attorney General and the affected individuals, upon suspicion of a security breach. Learn how you must respond in the case of a breach below.
A Detailed Description
Inform Users of What Happened
A detailed description of the nature and circumstances of the breach of security or unauthorized acquisition or use of personal information.
Who Was Impacted
Is Law Enforcement Involved?
The total number of Massachusetts residents affected as of the time of notification, as well as information regarding whether law enforcement is engaged investigating the incident.
Steps Taken/to Take
How You'll Resolve Things
You must also include information on the steps already taken relative to the incident, as well as any steps you intend to take relative to the incident after notification.
C MR Compliance FAQ
Get Your Questions Answered by IT Professionals
What Our Clients Are Saying
“There is just too much information to make clear informed IT decisions that are best for your business. Technical Support International’s cloud specialists helped navigate through the abyss of buzzwords and tech-centric concepts to help our business become more efficient and reduce IT capital expenditures. TSI’s ability to outline and explain the variety of available options helped solidify our decision to move to the cloud. I came out of the experience truly appreciating TSI’s approach."
Investment Group / Hyannis, MA