It's Now the Law! Tough New Data Protection Law Starts in Massachusetts

Consumer and privacy advocates heralded Massachusetts for the March passage of the nation’s strictest law yet on data security. But in the months since, many of those charged with carrying out the law – including condominiums and property management firms – have struggled with its many requirements.

Experts familiar with the law are strongly advising condominium association boards and management companies to take steps to comply with it, and understand their potential liability.

The law, known as 201 CMR 17.00,can be read in full on the Office of Consumer Affairs and Business Regulation website (http://www.mass. gov/Eoca/docs/idtheft/201CMR1700reg.pdf).

Basically, it places stringent data security obligations on any organization that collects, uses, stores, transmits, or disposes of personal information (PI) about a Massachusetts resident. The law applies to entities outside the stateas well, like a border state property management firm with Massachusetts portfolios.

PIs include a person’s full name (or last name plus first initial), and numbers such as Social Security, bank account, credit or debit card, driver’s license, PIN, or a code that would enable an unauthorized person to gain access to those accounts. (For condo associations, this information could be found on checks for condo fees or on forms that unit owners fill out for automatic withdrawal of those fees.)


Related Articles

Multifamily Communities and Social Media

Why Some Go Online While Others Opt Out

Neighborly Neglect

Dealing with Bad Behavior

Security vs. Scrutiny

Does Security Trump Privacy for Condo Residents?



  • These measures are a step in the right direction. Still, our readers should be advised; these laws mean nothing if they are not being incorporated within condominium business structures. My personal experience reflects a system whereas, the very same policies are not being enforced. E.