201 CMR 17.00:

Massachusetts Compliance Guideline

Massachusetts has a high standard for consumer protection that most states look to as a source to frame their own laws.  201 CMR 17.00 requires any business that stores or licenses personal information of residents in the state to notify the Office Of Consumer Affairs & Business Regulation, as well as the Office of Attorney General and those affected, within a reasonable amount of time of suspecting a breach of security.  The notifications must include...

Download Our Compliance Guide

Additional Resources


Any organization who stores or uses personal information are subject to 201 CMR 17.00. TSI assists organizations by educating & implementing strategies that limit the liabilities of noncompliance & minimize the effect of a data breach.

Learn More

Not having a written information security program for your business could be putting your data at risk of not only theft, but substantial legal damages. There are strict guidelines to safeguarding consumer information stored on your network.

Read More

TSI has an established practice, helping you meet federal & state industry compliance or regulatory technology requirements. IT compliance is an ongoing process, including rigorous testing & reporting needed to verify your level of compliance.

Contact Us