Massachusetts Enacts Legislation To Protect Personal Information
Massachusetts has joined other states, including California, Texas, New York, Oregon, and Maryland, to enact legislation that protects the privacy of personal information. Protected information includes the name of a state resident in combination with their Social Security number, driver's license number, state identification number, or financial account, debit or credit card number combined with any required access code or password that would permit access to the account. The regulations apply to any businesses or individuals that own, license, store or maintain personal information about a state resident. This includes any businesses or individuals without a physical presence in Massachusetts that are in possession of personal information of any state resident.
The regulations establish minimum standards for protecting and storing personal information about state residents contained in paper or electronic format. Covered businesses or individuals must develop, implement, maintain and monitor a comprehensive information security program that applies to any records containing personal information. The program must be in writing, be reasonably consistent with industry standards, and include administrative, technical and physical safeguards.
Safeguards must include:
Designation of one or more employees to maintain the program.
Regular risk assessments to gauge risks to the security, confidentiality, and/or integrity of any records containing personal information.
Security policies that cover whether and how employees should be allowed to keep, access and transport records containing personal information outside of business premises.
Disciplinary action against employees who violate the program.
Ensuring terminated employees no longer have access to personal information.
Verifying that outside vendors with access to personal information have the capacity to protect that information, and obtaining written verification of a compliant comprehensive information security program from external vendors before providing vendor access to personal information.
Collecting, retaining and providing access to personal information only to the extent it is reasonably necessary to accomplish the purpose for which it was collected, retained or accessed, or as necessary to comply with federal or state record retention requirements.
Identification of paper, electronic and other records, computing systems and storage media that contain personal information, unless all records are protected under a comprehensive information security program as if they contain personal information.
Imposing reasonable restrictions on physical access to records containing personal information, including a written procedure that sets forth how access is restricted.
Monitoring the program to ensure it is operating as intended and making adjustments as appropriate.
Assessing the safeguards at least annually or whenever there is a material change in business practices that may affect the security or integrity of the records.
Documenting steps to take to respond to a security breach.
Businesses or individuals who electronically store or transmit personal information must also establish and maintain a security system covering their computers, including any wireless systems, and this must form part of the written, comprehensive information security program. The system must have the ability to authenticate users and restrict access. Personal information transmitted across personal networks and wirelessly, as well as information stored on laptops and portable devices, must be encrypted.
Deadlines for compliance are as follows:
General compliance deadline is May 1, 2009.
Deadline for ensuring that third-party service providers are capable of protecting personal information and contractually binding them to do so is May 1, 2009.
Deadline for requiring written certification from third-party service providers is January 1, 2010.
Deadline for ensuring encryption of laptops is May 1, 2009.
Deadline for ensuring encryption of other portable devices is January 1, 2010.
The Massachusetts Office of Consumer Affairs and Business Regulation has issued a guide to help small businesses formulate a comprehensive written information security program as well as a compliance checklist to assist businesses and individuals in their efforts to comply with this legislation. These documents are available on the Instant HR Solutions website.
Massachusetts Enacts Legislation To Protect Personal Information - To learn more about this author, visit Allison Grace's Website.