Last week, in a special meeting, the Massachusetts Legislative Joint Committee on Consumer Affairs heard from businesses and social service agencies about the unnecessary burden they face from recently adopted data security regulations. The Massachusetts Office of Consumer Affairs and Business Regulations has adopted data security regulations that far exceed comparable Federal Trade Commission requirements, despite language in the enabling legislation directing the agency to promulgate regulations that are consistent with federal rules.
Small businesses will bear an enormous burden from these overly prescriptive regulations. The Office of Consumer Affairs’ own estimates find that a 10-person business could spend $9,000 in the first year and $6,000 each year thereafter to be in compliance. One estimate of the aggregate cost of these regulations on Massachusetts businesses with fewer than 100 employees is $1.7 billion in the first year and $740 million each year thereafter.
Social service agencies, already reeling from sharp state budget cuts, are also placed at risk by this agency overreach. Michael Weekes, president of the Massachusetts Provider’s Council, the state’s largest organization of health and social service providers, said the regulations could cost an average-sized member between $5,000 and $15,000.
So, in the toughest economic climate in memory and in the face of stiff state budget cuts the Commonwealth of Massachusetts has elected to impose costly and unnecessary new regulations on the state’s smallest companies and social service agencies.
— Steve Adams, New England Regional Advocate