Bill S.173 186th (2009 - 2010)

SENATE DOCKET, NO. 895        FILED ON: 1/13/2009

SENATE  .  .  .  .  .  .  .  .  .  .  .  .  .  .  No. 173

The Commonwealth of Massachusetts

_______________

PRESENTED BY:

Michael W. Morrissey

_______________

To the Honorable Senate and House of Representatives of the Commonwealth of Massachusetts in General
              Court assembled:

              The undersigned legislators and/or citizens respectfully petition for the passage of the accompanying bill:

An Act ensuring the privacy of certain data.

_______________

PETI TION OF:

The Commonwealth of Massachusetts
 

_______________

In the Year Two Thousand and Nine

_______________

An Act ensuring the privacy of certain data.


 

              Be it enacted by the Senate and House of Representatives in General Court assembled, and by the authority of the same, as follows:
 

SECTION 1. Section 2 of Chapter 93H of the General Laws, as appearing in the 2006 Official Edition, is hereby amended by striking out subsection (a) and inserting in place thereof the following : - (a ) The department of consumer affairs and business regulation may adopt regulations relative to any person or agency that owns or licenses personal information about a resident of the commonwealth. Suc h regulations shall be designed to safeguard the personal information of residents of the commonwealth and shall be consistent with the safeguards for protection of personal information set forth in the federal regulations by which the person or agency is regulated. The objectives of the regulations shall be to: insure the security and confidentiality of customer information in a manner fully consistent with industry standards; protect against anticipated threats or hazards to the security or integrity of s uch information; and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer. The department shall not in its regulations, however, require covered persons to use a specific tec hnology or technologies, or a specific method or methods for protecting personal information.

The regulations shall take into account the person’s size, scope and type of business, the amount of resources available to such person, the amount of stored da ta, and the need for security and confidentiality of both consumer and employee information. Notwithstanding the rules adopted by the department pursuant to the provisions above, said department shall create separate regulations for small businesses covere d by this chapter that reflect said small businesses unique situation and resources. 

Any person who is required to comply with federal laws, rules, regulations, guidance, or guidelines safeguarding personal information is deemed to be in compliance with this chapter. 

SECTION 2. Section 6 of Chapter 93H of the General Laws is hereby amended by adding at the end thereof the following : -   A willful violation of this chapter or regulations implementing this chapter, or a written information security plan issued by a person covered by state or federal privacy laws shall provide just cause for the termination of an employee, whether the employee is employed by a private person, public agency or poli tical subdivision of the state.