<h2>V-A. Massachusetts Data Security (201 CMR 17.00)</h2>
<p>
    YourSA complies with the Massachusetts Data Security Regulations,
    201 CMR 17.00, which require organizations that collect or store
    personal information of Massachusetts residents to implement and
    maintain a comprehensive written information security program.
</p>

<p>
    In accordance with 201 CMR 17.00, YourSA has established and maintains
    administrative, technical, and physical safeguards designed to:
</p>

<ul class="list">
    <li>Protect the security and confidentiality of personal information</li>
    <li>Protect against anticipated threats or hazards to data security</li>
    <li>Protect against unauthorized access to or use of personal information</li>
</ul>

<p>
    These safeguards include, where appropriate:
</p>

<ul class="list">
    <li>Limiting access to personal information to authorized personnel only</li>
    <li>Password protection and access controls for electronic records</li>
    <li>Secure storage and disposal of paper records containing personal information</li>
    <li>Encryption of personal information transmitted electronically where feasible</li>
    <li>Regular monitoring, review, and updating of security measures</li>
</ul>

<p>
    Personal information, as defined by Massachusetts law, includes a
    Massachusetts resident’s first name or first initial and last name
    in combination with sensitive data elements such as Social Security
    numbers, financial account numbers, or government-issued identification
    numbers. YourSA limits the collection and retention of such information
    to what is reasonably necessary for legitimate nonprofit operations
    and legal compliance.
</p>

<p>
    In the event of a data breach involving personal information of
    Massachusetts residents, YourSA will comply with all applicable
    notification requirements under Massachusetts law, including
    notifying affected individuals and the appropriate state authorities
    as required.
</p>