Section 3.01 - Scope, Purpose, and Other General Provisions(1)Applicability. 965 CMR 3.00 is applicable to the Office of the State Auditor (OSA).(2)Purpose. The Auditor promulgates 965 CMR 3.00, relating to the Safeguard of Personal Information, pursuant to her authority in M.G.L. c. 93H, § 2(c).(3) The purpose of 965 CMR 3.00 is to effectuate the purpose of M.G.L. c. 93H, that is, to: ensure the security and confidentiality of employee information in a manner fully consistent with industry standards; to protect against anticipated threats or hazards to the security or integrity of such information; and to protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any resident of the commonwealth.(4)Scope. 965 CMR 3.00 governs the collection, maintenance, and disclosure of "personal information" as defined by M.G.L. c. 93H, § 1(a), and 965 CMR. 3.00, by the OSA.(5)Consistency. 965 CMR 3.00 should be read consistently with other state or federal laws and regulations applicable to the OSA and already in place, including but not limited to the public records laws (e.g., M.G.L. c. 66, § 10; the Fair Information Practices Act, M.G.L. c. 66A, § 1; the Criminal Offender Record Information Act, M.G.L. c. 6, § 172 and 940 CMR 11.00.).(6)Limitation. 965 CMR 3.00 is not intended to establish a standard of care or create any independent private right, remedy, or cause of action on the part of any employee, auditee, or other third party on account of any action the OSA takes or fails to take in relation to the Written Information Security Program (WISP).