Listen to: "The Massachusetts Data Protection Act: Tightening Up Individual State Data Privacy Laws"

Key Takeaways

  • States with Their Own Data Privacy Laws
  • Requirements of Massachusetts Data Protection Act
  • Federal Regulations Fill in the Gaps

A year after the mad dash to achieve compliance before the May 25, 2018, enforcement deadline for the General Data Protection Regulation (GDPR) has passed, industry marketers reportedly feel generally confident about their organizations’ respective compliance levels.

While consumers report a marked increase in pop-up ads when visiting a company’s website, there have been few egregious complaints. Further, there have been no widespread broadcasts about companies incurring massive fines for non-compliance.

After the GDPR deadline passed, California soon introduced the California Consumer Privacy Act (CCPA), which is the toughest regulation on this side of the Atlantic Ocean.

Still relatively early in their respective enactments, both the GDPR and CCPA have both spurred the question of tighter data privacy laws in states across the U.S.

Several U.S. States Work to Follow the Lead of the GDPR and CCPA to Protect Consumer Data

While there is no overarching regulation across the United States that mimics the GDPR—or even the CCPA—several individual states are working toward developing their own data privacy laws on behalf of their consumer citizens.

Many states have already enacted their own data protection laws that apply to all businesses. These states are currently:

  • Arkansas
  • California
  • Colorado
  • Connecticut
  • Florida
  • Indiana
  • Kansas
  • Maryland
  • Massachusetts
  • Minnesota
  • Nevada
  • New Mexico
  • Oregon
  • Rhode Island
  • Texas
  • Utah

Each of these states have developed and adopted their own data protection laws that require companies that hold personal consumer information of state residents to protect that information.

Take a moment to look over a few of states’ approach to data protection in the United States.

California

California’s CCPA is one of the broadest and far-reaching data privacy acts in the U.S., featuring some key state-specific statutes and several requirements calling for organizations to develop and employ safeguards set to protect California’s residents.

Rhode Island

Rhode Island has passed its own Identity Theft Protection Act of 2015, which states that a person or business that collects, stores, processes, acquires, maintains, uses, or licenses personal information regarding a Rhode Island resident must adopt, implement and maintain reasonable security procedures. The requirements leave a great deal open to interpretation, such as the definition of “reasonable.”

Utah

The Utah Protection of Personal Information Act (UPPA) features a main provision that states that any business in the state maintaining personal information must develop, deploy and maintain reasonable procedures to protect data collected or maintained in the regular course of business. Similar to Rhode Island’s protection act, Utah’s UPPA leaves a lot of matters somewhat unclear to business owners and consumers alike.

The Commonwealth of Massachusetts Is Taking Data Protection to the Next Level

Massachusetts, along with Nevada, has the toughest state data protection law in the nation. The state’s Standards for the Protection of Personal Information of Residents of the Commonwealth provides that every person or business owning or licensing personal information regarding a resident of Massachusetts is required to develop, implement and maintain a comprehensive information security program, which includes the following:

  • Designating personnel to tend to the comprehensive information security program
  • Creating a means of detecting and preventing security system failures
  • Developing solid security policies for staff relating to the collection, storage, access and transportation of records and personal information outside of the physical business premises
  • Devising and imposing disciplinary actions for violations against the information security program
  • Protecting personal information from terminated employees by removing access privileges upon termination
  • Working with and overseeing service providers, or service organizations, requiring them to follow the client business’s security measures for personal information
  • And many others

Further, the Commonwealth of Massachusetts sets forth security requirements for organizations’ computer systems, which must contain the following, at a minimum:

  • Secure user authentication protocols
  • Secure access control measures
  • Encryption of all transmitted records and files
  • Reasonable monitoring systems
  • Encryption of all personal information stored on laptops and other portable devices
  • Reasonably up-to-date firewall protection
  • And much more

Massachusetts really has taken its focus on consumer data protection to the next level, especially compared to so many states that provide vague definitions and directives. Compliance may prove more challenging for businesses, but the residents are given full consideration for entrusting their data with Massachusetts’ businesses.

Certain U.S. Federal Regulations Fill in the Gaps Left Unprotected by State Data Privacy Laws

The development of individually designed and implemented state data privacy laws is ideal in protecting the state’s consumers, but many states are well on their way, just by recognizing the need and launching a plan. In the meantime, however, there are certain federal regulations that help stem the tide of potential data breaches and other issues with confidential consumer information.

Following are a few of the key regulations that can help you protect your state residents’ data until your state passes its own laws:

  • Health Insurance Portability and Accountability Act of 1996 (HIPAA) for the healthcare industry
  • Gramm-Leach-Bliley Act for the financial industry
  • New York State Department of Financial Services’ Cybersecurity Law for the insurance and financial services sectors

Even if a state does not have an official data protection act in place, or the existing one is still in progress, these industry-specific regulations can help serve as a guide.

Do You Need More Information on Your State’s Data Protection Laws?

Do you know just what your state requires of your business when it comes to protecting confidential consumer data in your care? Since some states’ acts contain a lot of gray areas, our team of data privacy experts at I.S. Partners can to help you understand their meaning better, or we can simply update you about the basic consumer protections for which you are responsible.

Call us at 215-675-1400, or request a quote so we can make sure you are compliant with your state’s regulations and that you have your customers’ data protected at all times.

Author Picture

Request a Quote

Get hassle-free pricing in 3 easy steps:

  • Step 1: Send us a message
  • Step 2: Allow us to create a customized plan
  • Step 3: We’ll get you an accurate, no-obligation quote
[form_name]

Start Here

Request a Quote

Please fill out the fields below and one of our specialists will contact you shortly. Want to speak to us now? Call us at (866) 335-6235

Request a Quote (ACTIVE)

I.S. Partners is serious about privacy. We will never share your information with third parties. Please read our Privacy Policy for more information.

Sending
I.S. Partners

Your choice regarding cookies on this site

This website stores cookies on your computer. These cookies are used to collect information about how you interact with our website and allow us to remember you. We use this information in order to improve and customize your browsing experience and for analytics and metrics about our visitors both on this website and other media. To find out more about the cookies we use, see our Privacy Policy.

If you decline, your information won’t be tracked when you visit this website. A single cookie will be used in your browser to remember your preference not to be tracked.