800 222 8711 Contact Us Join Mail List Secure Mail Submit a Claim
Search magnifying glass icon


On March 1, 2010, the Massachusetts law implementing  “Standards for the Protection of Personal Information of Residents of the Commonwealth”, MA 201 CMR 17, went into effect. The law requires that businesses and individuals that receive, store, maintain, process, or otherwise have access to personal information have written information security procedures. While significant time has passed since the laws went into effect, there are many individuals and businesses that still aren't fully aware of the requirements and potential risks and penalties for noncompliance.

definition of "personal information"

Personal information is defined as “a Massachusetts resident's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account.” Source: www.mass.gov

what's at risk?

In addition to reputation damage, the financial costs of not complying with the Massachusetts privacy regulations can be significant. The Massachusetts attorney general may seek a temporary restraining order or a preliminary or permanent injunction against any entity suspected of being in violation of the Regulations. If a court finds that the regulations were violated, it may impose civil penalties of up to $5,000 per violation, as well as court costs and attorneys’ fees. For example, if 100 customers have their information breached $5000 x 100 = $500,000. 

If you weren't aware of the law or haven’t developed written security procedures, the links below provide additional information. 

cyber liability insurance offers support if a breach occurs

Beyond preparing procedures to be in compliance, you can reduce your financial risk for a wide range of situations through cyber liability insurance coverage. Some of the types of claims that may occur include:

  • Accidental release of confidential customer information
  • Spreading a virus into a customer’s computer system
  • Theft of customer’s credit card or banking account numbers
  • Derogatory comments made online about a competitor by an employee
  • Denial of service attack hacking
  • Electronic data extortion or destruction
  • Webmaster uses another site's content in site development 

While no policy covers every situation, having this specialized coverage can provide relief if your a databe breach occurs despite your prevention efforts. To discuss cyber liability insurance for your company, please contact us online or call at 800-222-8711.

Post Rating


Christopher Bowman
Wednesday, June 27, 2018 2:37 PM
Thank you.

Post Comment

Name (required)

Email (required)


Enter the code shown above:


The information provided in these articles are only general descriptions and should not be relied upon as complete, correct or accurate for your specific situation. All coverage informaiton is subject to policy provisions, endorsements and may be  subject to your meeting underwriting qualifications. Murphy Insurance Agency is not engaged in rendering legal, accounting or other noninsurance professional services. Consult an appropriate professional for advice regarding your own situation.