205 CMR 238.45 - Confidential Information and Personally Identifiable Information Security
(1) Any information obtained in respect to
Sports Wagering or the Sports Wagering Account, including Confidential
Information and Personally Identifiable Information and authentication
credentials, shall be collected, maintained, stored and secured in compliance
with the privacy policies and 205 CMR 138.73: Uniform Standards of
Accounting Procedures and Internal Controls and any other policies in
205 CMR, M.G.L. c. 93H, M.G.L. c. 93I, 201 CMR 17.00: Standards for the
Protection of Personal Information of Residents of the Commonwealth, and any other
applicable law, regulation or order of a governmental body. Confidential
Information, Personally Identifiable Information and the Sports Wagering
Account funds shall be considered as critical assets for the purposes of risk
assessment.
(2) No employee or
agent of the Sports Wagering Operator shall divulge any Confidential
Information or Personally Identifiable Information related to a Sports Wagering
Account, the placing of any Wager or any other sensitive information related to
the operation of Sports Wagering except as required or permitted by
205 CMR 238.45 or elsewhere explicitly permitted
in 205 CMR, the Commission or other authorized governmental agencies,
including:
(a) The amount of money credited
to, debited from, withdrawn from, or present in any particular Sports Wagering
Account;
(b) The amount of money
Wagered by a particular patron on any event or series of events;
(c) The unique patron ID or username and
authentication credentials that identify the patron;
(d) The identities of particular Sporting
Events on which the patron is Wagering or has Wagered; and
(e) Unless otherwise authorized by the
patron, the name, address, and other Personally Identifiable Information or
Confidential Information in the possession of the Sports Wagering Operator that
would identify the patron to anyone other than the Commission or the Sports
Wagering Operator, provided, however, that such authorization must be clear,
conspicuous, and received apart from any other agreement or approval of the
patron. Acceptance of general or broad terms of use or similar documents that
purport to permit the sharing of Personally Identifiable Information or
Confidential Information in the same document shall not constitute adequate
authorization, nor shall hovering over, muting, pausing, pre-selecting, or
closing a given piece of content without affirmatively granting consent; or
purported agreement. Further, no authorization shall be deemed to be a waiver
of any of the patron's other rights. The option to withdraw such consent must
be clearly and conspicuously available to the patron online through any patron
account page on the Sports Wagering Operator's website and within any Sports
Wagering mobile application. A patron shall not be required to confirm
withdrawal of consent more than once, and no intervening pages or offers will
be presented to the patron before such confirmation is presented to the
patron.