
Massachusetts Data Privacy Laws are now in effect as of March 1, 2010!

What is it?

During 2008, the Massachusetts State Legislature passed 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth, which requires all businesses that store or transfer the personal information of any Massachusetts resident to comply with a new set of data security requirements.


Does this affect me?

All businesses, large and small, operating in Massachusetts must comply. Personal Information is defined by the State as any combination of a person's name, social security number, financial account information, or credit/debit card number. If you store any such personal information, regardless of whether it is classified as customer or employee data, then this new law pertains to you and you are expected to comply.


What do I need to do?

Meeting the new legal requirements can seem like a daunting task, but it can be broken down into just a few areas of focus that will allow all businesses to comply quickly and efficiently without incurring major cost, and Boston Technology Advisors can help ensure that your business is in compliance from Day 1.


The new set of information protection requirements can be broken down into three areas of focus: Assessment, Process, and People.


Assessment:

• Do your company’s current data security practices meet the new requirements?

• What third parties have access to the personal information you are storing, and are they in compliance?

• Do your current computer and networking systems comply with the new requirements?

Process:

• Create and document your company’s “Security Program” policy.

• Create and communicate explicit agreements with third-party vendors and partners to ensure that they are complying with the new requirements when dealing with your data.

• Ensure that the Security Program is being monitored on a regular basis, including an in-depth annual review.

• Ensure that access is immediately turned off for terminated employees.

• Create a process for dealing with employees who do not comply with the new regulations.

Implementation:

• Upgrade non-compliant systems and network components where necessary.

• Make any third-party vendor and partner changes needed in order to meet compliance.

• Identify an employee to become the “owner” of the “Security Program”.

• Train employees on the law and what it means to their day-to-day jobs.

January is rapidly approaching, and we can help. Give Boston Technology Advisors a call at 508-275-2011 to set up a time to discuss the new laws, how they impact your business, and how we can help your business comply.