

Complying with Massachusetts’ Data Security Laws

Essential information security training for employees of organizations that do business with Massachusetts residents


Organizations doing business with MA residents must offer ongoing employee training as part of their overall information security program to be in compliance with Massachusetts Regulation 201 CMR 17.00: M.G.L. c. 93H. This includes training on the proper use of computer security systems (17.04.8) and the importance of protecting personal information (17.03.2.B.1). The annual training requirement extends to full-time employees as well as part-time, temporary and contract employees.


This course is specifically designed to meet Massachusetts data security employee training requirements and to assist you in attaining overall compliance in your training efforts. The training covers the required employee training topics, and also presents the corresponding elements of the Massachusetts data security law (and the related potential penalties of non-compliance).


Knowledge checks, interactive learning activities, and real-world scenarios maintain your employees' attention, reinforce learning, and increase the relevance of the training.


The goal of this training is to create informed employees that exhibit good administrative, technical, and physical data protection behaviors to ensure the security and confidentiality of consumer information.


View the full course outline and features below.


Annual Employee Training Requirement - Massachusetts Regulation 201 CMR 17.00 mandates the implementation of an information security program, as well as a requirement for ongoing employee training (including new hires, temporary, and contract employees), on the proper use of computer security systems and the importance of personal information security.


Course Features

  • 30-45 minutes
  • Full Interactivity
  • Real World Scenarios
  • Premium Audio & Professional Narration
  • Certificate of Completion
  • Compliance Tracking


Full Compliance Documentation
The training is managed, documented, & verified through your employee training center, including certificates of completion and full reporting.



General, all employees, management, temporary and contract employees





Course Outline

Massachusetts Data Security Law Training



Lesson 1:  Protecting Data and Resources

  • Overview
  • Social Engineering
  • Preventing Social Engineering
  • Knowledge Check
  • Physical Security
  • Data Protection and Storage
  • Data Destruction
  • Knowledge Check

Lesson 2:  Safe Computing Practices

  • Introduction
  • Malware and Related Threats
  • Preventing Social Engineering
  • E-Mail and Computing Best Practices
  • Instant Messenger
  • Knowledge Check
  • Password Guidelines
  • Knowledge Check


Lesson 3:  Safe Remote and Mobile Computing

  • Introduction
  • Securing Mobile Computing Devices
  • Connecting to Networks
  • Working in Public Places
  • Traveling Securely
  • Knowledge Check


Lesson 4:  General Data Protection Practices

  • Overview
  • Privacy Incidents
  • Data Breach Notification
  • Your Data Protection Responsibilities
  • Personally Identifiable Information (PII)
  • Additional PII
  • Safeguarding PII
  • Knowledge Check


Training Summary 



The training concludes with a short assessment to verify and document the employee's understanding.


A certificate of completion is generated upon successful completion.



Course Features

30-45 minutes
 Full Interactivity
Real World Scenarios
Premium Audio & Narration
Instant Certificate of Completion
Full Compliance Tracking





Massachusetts 201 CMR 17.00  
Standards for the Protection of Personal Information of Residents of the Commonwealth



17.01 - Purpose and Scope

(1) Purpose.
This regulation implements the provisions of M.G.L. c. 93H relative to the standards to be met by persons who own or license personal information about a resident of the Commonwealth of Massachusetts. This regulation establishes minimum standards to be met in connection with the safeguarding of personal information contained in both paper and electronic records. The objectives of this regulation are to insure the security and confidentiality of customer information in a manner fully consistent with industry standards; protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer.

(2) Scope.
The provisions of this regulation apply to all persons that own or license personal information about a resident of the Commonwealth.



Employee Training Requirements


In addition to requirements to develop, implement, and maintain a comprehensive information security program, and specific provisions related to computer systems security, data encryption, and general data security, the regulation also specifically requires employee training. The employee training requirement is stated in two separate sections:

17.03: Duty to Protect and Standards for Protecting Personal Information
(2)(b) Identifying and assessing reasonably foreseeable internal and external risks to the security, confidentiality, and/or integrity of any electronic, paper or other records containing personal information, and evaluating and improving, where necessary, the effectiveness of the current safeguards for limiting such risks, including but not limited to:
(1) Ongoing employee (including temporary and contract employee) training


17.04: Computer System Security Requirements
Every person that owns or licenses personal information about a resident of the Commonwealth and electronically stores or transmits such information shall include in its written, comprehensive information security program the establishment and maintenance of a security system covering its computers, including any wireless system, that, at a minimum, and to the extent technically feasible, shall have the following elements:

(8) Education and training of employees on the proper use of the computer security system and the importance of personal information security.



Complying with Massachusetts’ Data Security Laws
$29.00 USD


See volume pricing below.


Training Managers and Employers

Log in or create a free Employee Training Center account to purchase multiple courses with volume pricing.




Employee Training Made Easy & Affordable

We provide everything you need, all included at no additional cost:

  • Online training center
  • Complete LMS & hosting
  • 7/365 employee support
  • Training Manager support
  • Certificates of completion
  • Full compliance reporting
  • No minimum purchase
  • No I.T. requirements



Volume Training Discounts

Purchase training credits in bulk for additional savings.

Quantity Pricing
25 - 49 $26.00 /credit
50 - 74 $23.00 /credit
75 - 99 $21.00 /credit
100 - 249 $19.00 /credit


Contact us for larger enrollments, enterprise pricing, & special multi-year pricing.

