Products & Releases

Survey: Organizations Face Challenges In Readying For New Massachusetts Data Security Regulations

Companies face three significant challenges - cost, time and number of vendors involved, according to survey conducted by Goodwin Procter and the International Association of Privacy Professionals
BOSTON, Sept. 15 /PRNewswire-USNewswire/ --According to a new survey conducted by Goodwin Procter LLP and the International Association of Privacy Professionals (IAPP), companies face three significant challenges - cost, time and number of vendors involved - in complying with new data security rules issued by the Commonwealth of Massachusetts earlier this year.

The Commonwealth of Massachusetts has issued rules, which take effect on March 1, 2010, that impose significant data security requirements on entities possessing personal information of state residents, including entities based outside Massachusetts. The intent of the rules is to protect sensitive data and safeguard the public's privacy.

The survey revealed that 60 percent of information privacy professionals say they expect their organizations' compliance efforts in support of the data security regulations to be complete when the new rules go into effect, and another 29 percent of information privacy professionals say compliance efforts will "probably" be complete by the deadline. One potential reason for the uncertainty is that 60 percent of respondents indicate their organizations have more than 10 vendors with access to personal information, and 30 percent say they have over 100 vendors with access to personal information - which complicates the compliance process.

Complying with the new regulations is also proving to be a costly effort for many organizations - with 33 percent of respondents saying their firms have already spent more than $50,000 on complying with the upcoming rules. Another 12 percent of those surveyed say their organizations have spent between $10,000 and $50,000 and 44 percent have spent more than 100 hours in compliance activities.

IAPP and Goodwin Procter will share the findings of the survey with attendees of the IAPP Privacy Academy, which takes place in Boston from September 16 to 18. This survey was conducted online in August 2009 among IAPP members with more than 200 respondents participating.

Goodwin Procter Experts at Privacy Academy

Goodwin Procter will have a number of data privacy and security experts speaking at the IAPP Privacy Academy. Their sessions are:

The New Massachusetts Privacy Law: What Does It Mean for You? This workshop will help attendees learn how to comply with the upcoming regulations. It will be moderated by Agnes Bundy Scanlan and will include Lynne Barr. The session features a keynote presentation by Martha Coakley, Massachusetts Attorney General. It takes place on September 16 from 8:00 a.m. to 12:00 noon.

Suggestions From the States: Designing a Workable Breach Notice Requirement. This session will review the various data security standards set by U.S. state governments. It will draw on those experiences to offer policy recommendations for Europe and Canada as well as for crafting new, revised data breach notice requirement laws in the United States. The session panel includes James Shreve. It takes place on September 17 from 11:00 a.m. to 12:00 noon.

Massachusetts Data Security Regulations: Perspectives From Regulators, Enforcers, Practitioners and Industry. This session will discuss Massachusetts regulations, and examine the common business circumstances that may call for encryption of information, best practices for compliance and avoidance of liability, state enforcement efforts, and how to limit and remediate the damages of identity theft. The session panel includes David Goldstone. It takes place on September 17 from 1:00 p.m. to 2:00 p.m.

Also during the course of the conference, the Goodwin Procter IAPP Privacy Vanguard Award will be awarded to the privacy professional who has best demonstrated outstanding leadership, knowledge and creativity in privacy and data protection, whether through spearheading projects or programs that positively impact the privacy profession or through achievements over the course of an entire tenure or career. The IAPP Board of Directors' Executive Committee selects the recipient from a distinguished list of nominees.

About Goodwin Procter

Goodwin Procter LLP is one of the nation's leading law firms with offices in Boston, Hong Kong, London, Los Angeles, New York, San Diego, San Francisco, Silicon Valley, and Washington, D.C. The firm's core areas of practice are corporate, litigation and real estate, with specialized areas of focus that include financial services, private equity, technology, REITs and real estate capital markets, intellectual property, tax and products liability. Information may be found at

About the IAPP

The International Association of Privacy Professionals is the world's largest association of privacy professionals with more than 6,000 members across 50 countries. The IAPP helps to define and support the privacy profession through networking, education and certification. More information about the IAPP is available at