Although the Massachusetts Data Security Regulations went into effect March 1, 2010, I still find that many companies have not implemented a Written Information Security Program (WISP) and don’t know that they are required to do so.
According to the regulations, any companies or persons who store or use personal information of a Massachusetts resident