|
|
Like this article? PLEASE +1 it! |  |
|
Complying with the New Data Security Law
Written by: Marijo McCarthyArticle Overview: A new law has been bestowed upon the business community by the Great and General Court of the Commonwealth of Massachusetts that is so important, I feel compelled to share the details. As the year goes on, you will no doubt hear more about this requirement, so please consider this an introduction and a gentle nudge in the direction of beginning the process. Without further ado, I share with you an outline of the strictest law in the United States on protecting personal information of residents.
 |
Free Download - What's An Opinion, Anyway? By Marijo McCarthy |
Complying with the New Data Security Law
As you know, I rarely devote a monthly newsletter to outlining changes in laws (other than to comment on their practical application through my clients' real experiences).
Why not? First of all, it's boring. Secondly... it's boring! Well, boring or not, a new law has been bestowed upon the business community by the Great and General Court of the Commonwealth of Massachusetts that is so important, I feel compelled to share the details.
As the year goes on, you will no doubt hear more about this requirement, so please consider this an introduction and a gentle nudge in the direction of beginning the process. Without further ado, I share with you an outline of the strictest law in the United States on protecting personal information of residents.
New Rules on Data Protection in Massachusetts
201 CMR 17.00: "Standards for the Protection of Personal Information of Residents of the Commonwealth" (issued under MGL C. 93H, Section 3... signed 8/07)
What Is it?
The regulations have been issued by the Commonwealth of Massachusetts Office of Consumer Affairs and Business Regulation in order to implement a law signed by Governor Deval Patrick in August of 2007 whose goal is to require employers to safeguard personal information of employees and customers.
When is it Effective?
The effective date has twice been moved back -- from January 1, 2009 to May 1, 2009, and again to January 1, 2010. Both times to give companies additional time to prepare.
What Does It Require and Who Must Comply?
The law requires that every person (defined as an individual, a corporation, an association, a partnership or other legal entity) maintaining documents or electronic data which contains Personal Information develop a comprehensive written Security Program to protect that Personal Information.
What Constitutes Personal Information?
Personal Information is a Massachusetts resident's name (first and last name or first initial and last name) combined with one or more of the following:
- a social security number; or
- a driver's license or state-issued ID card number; or
- a financial account number, or credit or debit card number.
What should be included in the Security Program?
Small business owners may visit www.mass.gov/consumer for a sample guide to assist with the process of developing their company's comprehensive written Security Program and a Compliance Checklist to be sure your Security Program is compliant with the new regulations. You don't have to have the most perfectly written program -- just be sure you have one.
What do I do after I create our Security Program?
- If possible, avoid keeping Personal Information, unless you are required to do so by law (smaller business owners have more flexibility in deciding what to keep and how and where to keep it);
- If you must maintain Personal Information (for instance, employee records generally contain social security numbers, which makes employee personnel files subject to the Security Program), be sure to isolate and protect those files; and
- Be sure your consultants, vendors and any other third parties who might have Personal Information as a result of their business transactions with you are in compliance (for instance, think about health insurance providers and payroll companies).
There are no small company exemptions from this new law, so small and large businesses alike are under the gun to begin outlining their plans. As always, I have identified resources to assist my clients with a new challenge and they include employment lawyers and technology consultants whose skills can help guide you through.
And, as always, I urge you not to wait until December to begin... the smart business owners have already carved out reasonable time and resources for this work. Remember, with the Attorney General's Office enforcement team breathing down your neck, voluntary compliance is always easier than involuntary!
How to maintain data privacy?
Data Security is Mandatory
Data Loss - The Scariest Term in Business Today
Key 2011 Hacker Prevention Lessons
Retail Security
Article Tags: business community, data security, massachusettts, personal information, protection, regulation, security law
|
About the Author: Marijo McCarthy RSS for Marijo's articles - Visit Marijo's website  Click here to visit Marijo's website   Contract War Stories from the Trenches Not Every Employer or Employee Needs a NonCompete Boilerplate in Contracts a Dangerous Thing to Ignore Zeroing In On Bad Economy Business Basics Employee vs Independent Contractor Ignore This at Your Peril |
Related Forum Posts
Re: What's the best anti-virus/spyware software?
- I use home AVG Internet Security and I'm pretty satisfied with it.
Re: Does Your Website Have a Robots.txt File?
- HI Carol,
Your robot file is correct; no lets work on your Page Titles & Meta Data.
Do you have access to create different page titles for each page of your website? Do you have your FTP information...please do not post it here but just let me know if you have access.
Jeff
Re: What I Enjoyed Reading This Week - June 11
- Hi Evan,
Thank you for the reading material. I look forward to the general release later this month as outlined in the 'Google Analytics To Add Search Query Data From Webmaster Tools' article.
Anything that helps us to understand maximise extra data from Google Analytics can only be of benefit.
regards,
Mal.
Marketing a company
- Jeff,
I know who my target market is: Defense contractor doing business with the Federal Government
My product is: Providing security consulting services for companies that must abide the National Security requirements.
How can I inform theses contractors about my services?
Thanks
Diane
Re: Google Calendar
- Hi Mary,
On FireFox go to Tools --> Options --> Security There is a box that says: Remember passwords for sites, check it.
Next time you enter a PW firefox will ask you if you want to save it.
If you go to security again you will see a button "Saved Passwords" click on it and it will open the list, with all the PW hidden, you can choose to hide or show them.
Share this article with your friends. Fund someone's dream.
Leave a comment below or share on the left and you'll help support entrepreneurs in Africa through our partnership with Kiva. Over $50,000 raised and counting - Please keep sharing! Learn more.
by: 
February 2012 Top 100 Leadership Experts to Follow on Twitter
Please Stop Calling it Coaching!
Measuring the Quality of Your Hires
The fine line 
Get advice & tips from famous business
owners, new articles by entrepreneur
experts, my latest website updates, &
special sneak peaks at what's to come!
Top Ten Home-Based Businesses
Stress: What Causes It and How To Deal With It
Building a Business From 30,000 Feet
Email us your ideas on how to make our
website more valuable! Thank you Sharon
from Toronto Salsa Lessons / Classes for
your suggestions to make the newsletter
look like the website and profile younger
entrepreneurs like Jennifer Lopez.