The Massachusetts Supreme Judicial Court issued an order on January 7, 2010 regarding the protection of specific personal information collected and maintained by the Massachusetts judicial branch in accordance with M.G.L. c. 93H.

The Order requires protection of specified personal information, as defined by M.G.L. c. 93H, of all individuals, including non-residents.  Each appellate court, the Trial Court and any court affiliate
that owns, stores or maintains such personal information is required to develop and implement an information security program to protect personal information from a data breach.

According to the Order, the program is to ensure that courts and court affiliates collect the minimum quantity of personal information reasonably needed to accomplish the legitimate purpose for which the information is collected; securely store and protect the information against unauthorized access, destruction, use, modification, disclosure or loss; provide access to and disseminate the information only to those who reasonably require the information to perform their duties; and destroy the information as soon as it is no longer needed or required to be maintained.

The SJC’s Order sets out the details of what such information security program shall include.  The Order also provides for departmental reviews of the collection and maintenance of personal information; review of the manner in which personal information is electronically stored; and requires that all contracts entered into by the judicial branch contain provisions regarding data breach notification and require compliance with court information security programs.

Compliance with the Order is required by September 1, 2010.  To see the SJC’s complete Order on the Protection of Personal Information, click here.

This entry was posted on Wednesday, January 27th, 2010 at 9:01 pm by Nancy Cremins and is filed under News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.