In 2007, a Data Security Breach Notification Law went into effect in Massachusetts requiring covered entities to provide notification in the event of certain data security breaches.
On March 1, 2010, regulations 201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth (.pdf) went into effect that apply to businesses and other entities which collect or process personal information such as Social Security and credit card numbers.
In response, MIT rolled out a campus-wide Written Information Security Program (WISP), which includes administrative, technical, and physical safeguards for this type of data.
MIT asks that all members of the community pay special attention any time sensitive data crosses their desks. Review How to Protect Data for tips on minimizing and protecting sensitive data in your work area.