201 CMR 17.00 is a Massachusetts regulation that requires any entity storing personal information of Massachusetts residents to implement security standards to protect that data. It aims to prevent data breaches such as those at TJ Maxx. The regulation mandates administrative requirements, such as conducting risk assessments and designating a security officer. It also requires technical security controls, including authentication, access control, encryption of data in transit and at rest, firewalls, antivirus software, and more. The regulation provides recommendations and references to help entities achieve compliance.