Massachusetts CMR-201 is a state data privacy regulation which protects personally identifiable information. Massachusetts CMR-201 was issued on September 19, 2008 and became effective May 1, 2009. The regulation applies to all businesses and other legal entities that own, license, collect, store or maintain personal information about a resident of the Commonwealth of Massachusetts.

The policy looks for at least one match to personally identifiable information, which may include:

  • ABA Routing Numbers

  • Credit Card Number

  • Credit Card Track Data

  • US Bank Account Numbers

  • US Drivers License Number

  • US Social Security Number