Get your data in order

New regulations for the safeguarding of personal information for residents of Massachusetts will go into effect on 1 March, 2010. For companies in the state – private equity firms among them – this will mean an upgrade to their IT systems.
The regulations apply to entities that “own, license, store or maintain personal information about a resident of the Commonwealth of Massachusetts” – a very broad category into which local private equity firms clearly fall. Because personal information in this case would refer to data on both employees of the firm and any LPs, even GPs based outside of Massachusetts may be subject to the regulations if any of their LPs are based in the state. 
According to a memo from law firm Proskauer Rose, personal information is generally defined as a Massachusetts resident’s name in combination with his or her Social Security number, driver’s license or state ID card number, or financial account or credit or debit card number that would permit access to the resident’s financial accounts. The regulations apply to both digital and paper documentation of this information. Firms need to keep this information safe in storage as well as during transmission.
Firms will need to develop and maintain a written security policy describing how they protect the confidentiality of their records. They may also need to make improvements to the ways they store and transmit personal information, mostly through encryption.
Upgrading your systems to ensure compliance will require making sure firewalls and network protections are up to date, and installing data encryption capabilities on all desktops, laptops and BlackBerrys, Proskauer advises.