Code of Massachusetts Regulations
965 CMR - DEPARTMENT OF STATE AUDITOR
Title 965 CMR 3.00 - Safeguard Of Personal Information
Section 3.02 - Definitions
For purposes of 965 CMR 3.00 and as used in 965 CMR 3.00, unless the context otherwise requires, the following terms shall have the following meanings:
Auditor. means the Office of the State Auditor (OSA).
Breach of Security. means the unauthorized acquisition or unauthorized use of unencrypted data or encrypted electronic data, and the confidential process or key that is capable of compromising the security, confidentiality, or integrity of personal information maintained by a person or agency that creates a substantial risk of identity theft or fraud against a resident of the commonwealth. A good faith but unauthorized acquisition of personal information by a person or agency, or employee or agent thereof, for the lawful purposes of such person or agency, is not a breach of security unless the personal information is used in an unauthorized manner or subject to further unauthorized disclosure.
Computers. means personal desktop computers, laptops, and PDAs such as Blackberries.
Electronic. means relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities.
Encryption. means the transformation of data through the use of an algorithmic process, or an alternative method at least as secure, into a form to which meaning cannot be assigned without the use of a confidential process or key.
Personal Information means a Massachusetts resident's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident:
(a) Social Security number;
(b) driver's license number or state-issued identification card number; or
(c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number, or password, that would permit access to a resident's financial account; provided, however, that "personal information" does not include information that is lawfully obtained from publicly available information, or from federal, state, or local government records lawfully made available to the general public.
Record or Records means any material upon which written, drawn, spoken, visual, or electromagnetic information or images are recorded or preserved, regardless of physical form or characteristics.