Tweet

Massachusetts Enacts Legislation To Protect Personal Information

Guest post by: Allison Grace

Article Overview: Massachusetts has joined other states, including California, Texas, New York, Oregon, and Maryland, to enact legislation that protects the privacy of personal information. The regulations apply to any businesses or individuals that own, license, store or maintain personal information about a state resident.

Massachusetts Enacts Legislation To Protect Personal Information

Massachusetts has joined other states, including California, Texas, New York, Oregon, and Maryland, to enact legislation that protects the privacy of personal information. Protected information includes the name of state residents in combination with their social security number, drivers’ license number, state identification number, or financial account, debit or credit card number combined with any required access code or password that would permit access to the account. The regulations apply to any businesses or individuals that own, license, store or maintain personal information about a state resident. This includes any businesses or individuals without a physical presence in Massachusetts, but in possession of personal information of any state resident.

The regulations establish minimum standards for protecting and storing personal information about state residents contained in paper or electronic format. Covered businesses or individuals must develop, implement, maintain and monitor a comprehensive information security program that applies to any records containing personal information. The program must be in writing, be reasonably consistent with industry standards, and include administrative, technical and physical safeguards.

Safeguards must include:

Designation of one or more employees to maintain the program.
Regular risk assessments to gauge risks to the security, confidentiality, and/or integrity of any records containing personal information.
Security policies that cover whether and how employees should be allowed to keep, access and transport records containing personal information outside of business premises.
Disciplinary action against employees who violate the program.
Ensuring terminated employees no longer have access to personal information.
Verifying that outside vendors with access to personal information have the capacity to protect that information, and obtaining written verification of a compliant comprehensive information security program from external vendors before providing vendor access to personal information.
Collecting, retaining and providing access to personal information only to the extent it is reasonably necessary to accomplish the purpose for which it was collected, retained or accessed, or as necessary to comply with federal or state record retention requirements.
Identification of paper, electronic and other records, computing systems and storage media that contain personal information, unless all records are protected under a comprehensive information security program as if they contain personal information.
Imposing reasonable restrictions on physical access to records containing personal information, including a written procedure that sets forth how access is restricted.
Monitoring the program to ensure it is operating as intended and making adjustments as appropriate.
Assessing the safeguards at least annually or whenever there is a material change in business practices that may affect the security or integrity of the records.
Documenting steps to take to respond to a security breach.

Businesses or individuals who electronically store or transmit personal information must also establish and maintain a security system covering its computers, including any wireless systems, and this must form part of the written, comprehensive information security program. The system must have the ability to authenticate users and restrict access. Personal information transmitted across personal networks and wirelessly, as well as information stored on laptops and portable devices, must be encrypted.

Deadlines for compliance are as follows:

General compliance deadline is May 1, 2009.

Deadline for ensuring that third-party service providers are capable of protecting personal information and contractually binding them to do so is May 1, 2009.

Deadline for requiring written certification from third-party service providers is January 1, 2010.

Deadline for ensuring encryption of laptops is May 1, 2009.

Deadline for ensuring encryption of other portable devices is January 1, 2010.

The Massachusetts Office of Consumer Affairs and Business Regulation has issued a guide to help small businesses formulate a comprehensive written information security program as well as a compliance checklist to assist businesses and individuals in their efforts to comply with this legislation. These documents are available on the Instant HR Solutions website.

Related Articles
  So You Thought Non-Compete Agreements Were Safe? Think again.
  Complying with the New Data Security Law
  New laws governing the confidentiality of social security numbers affect Connecticut employers
  SMEs - regulation in Africa
  Myths and Mysteries: I Thought I Couldn't be Sued Personally if I Formed a Corporation

Article Tags: access code, account debit, business premises, comprehensive information security, confidentiality, designation, disciplinary action, drivers license, electronic format, information security policies, information security program, integrity, personal information security, physical presence, physical safeguards, possession, risk assessments, social security, social security number, state residents



Related Forum Posts
Securing Financing - This is a short article that a friend of mine put together. He's a business banker and it seems that he would be the right person to put the info together. He compiled it for inclusion in a book about opening a pizza shop. There could be some useful info here - In order for a bank to even consider financing for a business loan such as a pizza restaurant, the first step is to have good personal credit. If you have previous credit issues that have lowered your credit scores, make sure you are prepared to either hear, “No”, or “Please explain this (these) credit marks.” If you have not demonstrated the ability to manage your own personal finances then most likely you will not have the opportunity to manage the financing from a bank for a business. When you make the initial contact with a bank, ask to speak to a commercial loan officer. Other types of loan officers include consumer (think car loans) and mortgage (think home purchases and home equity loans). The commercial loan officer will be able to provide a list of things you will need to give him/her in order to consider the restaurant financing. Information required for a new business most likely will include the following: Personal financial statement (Assets – Liabilities = Net Worth) Personal tax returns (two years) Business Plan If leasing property, copy of the lease agreement If purchasing property, copy of the sales contract Personal History / Resume (may not be required but is very helpful) If an existing business, add the following to the list above: Business tax returns (two years) Copy of State Corporation Commission Certificate Copy of Federal Tax Identification Number or Employer Identification Number (EIN) Copy of Articles of Incorporation (if corporation) Copy of Operating Agreement (if partnership) One common mistake a new business owner often makes with regard to financing is that one loan will cover all the financing needs. This is typically not the case and can lead to cash flow problems that could result in default on the loan, which is not what the lender or borrower want. In most cases, either two or sometimes three separate loans would be appropriate. For instance, if one is purchasing real estate then a long-term mortgage loan would be appropriate to finance that purchase. However, the pizza restaurant may need to purchase equipment and have cash available monthly to meet payroll and purchase rolling inventory. An equipment loan could take the form of a five or seven year loan with a fixed monthly payment much like a car loan. A line of credit, on which one would pay interest monthly on the outstanding balance, may be prudent for short-term cash flow purposes. All three should be addressed in the business plan and discussed with the commercial loan officer. Chris
Re: What Sells Online? - I agree with topeyinka, Information products(how to's) are whats selling right now.
Re: Twitter vs Facebook - I know this is a naive question but i'm really not sure: What do you tweet ? Business? promote your business? Personal? Are there things you can't do? ALSO :Is there a rule book? Is there a success formula using twitter?
Re: Best Internet Marketing Strategies - Personal development and knowledge are important but as Mat says without action nothing will happen. So don't spend so long learning that you fail to follow through, rather learn as you go along but do something everyday towards achieving your goal. MichelleJ
Re: Quick Ways To Utilize SEO Effectively - There are many different types of content: blog content, website content, newsletter content, audio & video content, the list can be endless. I'll just list 10 types of website content here: * Index/Introduction * Product Descriptions * Testimonials * Reviews * Resources * How-to Information * Downloads * Contact Information * Navigation/Site Map About/Company Info Anchor text as the others have said is the hyperlinked words on a web page - the words you click on when you click a link. Anchor text is important because it tells the search engines what the page is about. Used wisely, it boosts your rankings in search engines, especially in Google.If you use "click here" as the words people are going to click on, you're telling people the page is about the subject "click here", which is not the phrase you want to rank highly for, the text you need to use is a keyword that you have chosen for your website, blog or article. Take care, Carol


Share this article with your friends. Fund someone's dream.

Leave a comment below or share on the left and you'll help support entrepreneurs in Africa through our partnership with Kiva. Over $50,000 raised and counting - Please keep sharing! Learn more.

Tweet

Newsletter

Get advice & tips from famous business
owners, new articles by entrepreneur
experts, my latest website updates, &
special sneak peaks at what's to come!

Name:
Email:

Popular Articles

Executives and Elevators Perfecting That Pitch

LEARNING TO HAVE FUN – EVERYDAY!

Suggestions

Email us your ideas on how to make our
website more valuable! Thank you Sharon
from Toronto Salsa Lessons / Classes for
your suggestions to make the newsletter
look like the website and profile younger
entrepreneurs like Jennifer Lopez.