Certified Information Privacy Professional – United States (CIPP/US) — Question 95

What does the Massachusetts Personal Information Security Regulation require as it relates to encryption of personal information?

Answer options

• A. The encryption of all personal information of Massachusetts residents when all equipment is located in Massachusetts.
• B. The encryption of all personal information stored in Massachusetts-based companies when all equipment is located in Massachusetts.
• C. The encryption of personal information stored in Massachusetts-based companies when stored on portable devices.
• D. The encryption of all personal information of Massachusetts residents when stored on portable devices.

Correct answer: D

Explanation

The correct answer, D, specifies that personal information of Massachusetts residents must be encrypted when it is stored on portable devices, which is a requirement of the regulation. The other options either misstate the scope of the requirement or the conditions under which encryption is necessary, such as location or type of storage, which do not align with the specific mandate for portable devices.