The document summarizes the key points of the Massachusetts data privacy law 201 CMR 17.00. It outlines that all entities that own or license personal information of Massachusetts residents must comply with the law by March 2010. This includes designating a security officer, implementing a written information security plan, training employees, and reporting any breaches. The law requires safeguarding electronic and physical records, using encryption on emails and portable devices containing personal data, and securely storing paper records. To comply, companies should assess their security, create an action plan, write a security policy, train employees, and monitor/update the policy annually. Overall, following this law carefully is important to maintain client trust and relationships.