Synopsis: Privacy regulations adopted by the Massachusetts Office of Consumer Affairs and Business Regulation (201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth) require that any person or entity (including private investment funds based outside of Massachusetts) maintaining personal information of a Massachusetts resident, whether in paper or electronic form, develop and implement a written information protection and security program by January 1, 2010, as well as adhere to certain other privacy guidelines. In order to assist with compliance with the new regulations, the Massachusetts Office of Consumer Affairs and Business Regulation has provided a website containing helpful resources, including a compliance checklist, for persons subject to the privacy regulations. The website is available here. Members of the Lowenstein Sandler Investment Management and Intellectual Property Groups analyze the impact of the privacy regulations in a recent article in Bloomberg Law Reports, Privacy and Information, available here.
Status: The privacy regulations were originally adopted on September 19, 2008 and subsequently modified to the form described above and in the referenced material, including extending the deadline for implementation. The current deadline for compliance is January 1, 2010.