On August 17, 2009, the Massachusetts Office of Consumer Affairs and Business Regulation published for comment proposed amendments to the regulations that require persons (including funds) who own or license personal information about a Massachusetts resident, such as a shareholder or employee, to develop, implement and maintain a comprehensive, written information security program, including a computer security system program. Under the amended regulations, “owns or licenses” is defined to include receiving, processing or otherwise accessing personal information. The revised regulations set forth a risk-based approach to information security, reflect that a number of the specific provisions previously required to be in the information security program were removed, apply technical feasibility to the computer security requirements and make the third-party vendor requirements consistent with federal law. A hearing on the proposed amendments is scheduled for September 22, 2009. The deadline for compliance with the proposed amended regulations is March 1, 2010.