Scope, Purpose, and Other General Provisions
Effective Jan 22, 2010MGL c. 93H, § 2(c)Office of the Attorney General
- (1) Applicability. 940 CMR 27.00 is applicable to the Office of the Attorney General (AGO).
- (2) Purpose. The Attorney General promulgates 940 CMR 27.00, relating to the Safeguard of Personal Information, pursuant to her authority in M.G.L. c. 93H, § 2(c).
- (3) The purpose of 940 CMR 27.00 is to effectuate the purpose of M.G.L. c. 93H, that is, to: ensure the security and confidentiality of consumer and employee information in a manner fully consistent with industry standards; to protect against anticipated threats or hazards to the security or integrity of such information; and to protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any resident of the commonwealth.
- (4) Scope. 940 CMR 27.00 governs the collection, maintenance, and disclosure of "personal information" as defined by M.G.L. c. 93H, § 1(a), and 940 CMR. 27.00.
- (5) Consistency. 940 CMR 27.00 should be read consistently with other state or federal laws and regulations applicable to the AGO and already in place, including but not limited to the public records laws (e.g., M.G.L. c. 66, § 10; the Fair Information Practices Act, M.G.L. c. 66A, § 1; the Criminal Offender Record Information Act, M.G.L. c. 6, § 172; 940 CMR 11.00).
- (6) Limitation. 940 CMR 27.00 is not intended to establish a standard of care or create any independent private right, remedy, or cause of action on the part of any employee, consumer, or other third party on account of any action the AGO takes or fails to take in relation to the Written Information Security Program (WISP).