There are numerous laws, regulations, and policies which prescribe the way sensitive data are to be handled. Relevant information from the UMASS Amherst Office of Information Technologies includes "Data Security Compliance at UMass Amherst" and "Data Security Incidents". Similarly, the UMASS Board of Trustees provide "Data and Computing Policies and Standards".

Executive Order 504 issued by Massachusetts Governor Patrick in 2009 works to improve the protection of "personal information" (defined in Massachusetts General Law Chapter 93H Section 1) and "personal data" (defined in Massachusetts General Law Chapter 66A Section 1).