On September 19, 2008, the Commonwealth of Massachusetts passed regulation 201 CMR 17 in support of M.G.L. c. 93H, which had been enacted a year earlier to establish a framework for the safeguard of personal information of residents of the Commonwealth of Massachusetts. Although much of the new regulations are based on federal guidelines and Information Services “IS” best practices, there are some key differences for businesses handling the personal data of the residents of Massachusetts that will change the way businesses store and transfer personal information.