Massachusetts General Law Chapter 93H & 201 CMR 17.00

Massachusetts General Law, Chapter 93H, provides regulations on protecting personal information (PI) of Massachusetts residents, penalties for disclosing PI, and the reporting requirements if the safeguards are breached. 201 CMR 17.00, Standards for the Protection of Personal Information of Residents of the Commonwealth, is a regulation for implementing the provisions of the State Law.

Personal information (PI) is considered by the regulation to be any of the following, when used in conjunction with either the first name, or first initial, and last name of the a Massachusetts resident:

  • Social Security Number;
  • Driver’s license number or state-issued identification card number; or
  • Financial account number or credit card, or debit card, number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account.

As long as the information provided in this list cannot be legally obtained from a publically available information.

The requirements for safeguarding this information is rather inclusive and can be reviewed on the 201 CMR 17.00 PDF from

For additional information, please visit the Massachusetts legislature page on M.G.L. c. 93H

© Wentworth Institute of Technology   |   550 Huntington Avenue   |   Boston, MA 02115   |   617-989-4590