Complying with the New Data Security Law
As you know, I rarely devote a monthly newsletter to outlining changes in laws (other than to comment on their practical application through my clients' real experiences).
Why not? First of all, it's boring. Secondly... it's boring! Well, boring or not, a new law has been bestowed upon the business community by the Great and General Court of the Commonwealth of Massachusetts that is so important, I feel compelled to share the details.
As the year goes on, you will no doubt hear more about this requirement, so please consider this an introduction and a gentle nudge in the direction of beginning the process. Without further ado, I share with you an outline of the strictest law in the United States on protecting personal information of residents.
New Rules on Data Protection in Massachusetts
201 CMR 17.00: "Standards for the Protection of Personal Information of Residents of the Commonwealth" (issued under MGL C. 93H, Section 3... signed 8/07)
What Is it?
The regulations have been issued by the Commonwealth of Massachusetts Office of Consumer Affairs and Business Regulation in order to implement a law signed by Governor Deval Patrick in August of 2007 whose goal is to require employers to safeguard personal information of employees and customers.
When is it Effective?
The effective date has twice been moved back -- from January 1, 2009 to May 1, 2009, and again to January 1, 2010 -- both times to give companies additional time to prepare.
What Does It Require and Who Must Comply?
The law requires that every person (defined as an individual, a corporation, an association, a partnership or other legal entity) maintaining documents or electronic data that contain Personal Information develop a comprehensive written Security Program to protect that Personal Information.
What Constitutes Personal Information?
Personal Information is a Massachusetts resident's name (first and last name or first initial and last name) combined with one or more of the following:
- a social security number; or
- a driver's license or state-issued ID card number; or
- a financial account number, or credit or debit card number.
What should be included in the Security Program?
Small business owners may visit www.mass.gov/consumer for a sample guide to assist with the process of developing their company's comprehensive written Security Program and a Compliance Checklist to be sure your Security Program is compliant with the new regulations. You don't have to have the most perfectly written program -- just be sure you have one.
What do I do after I create our Security Program?
- If possible, avoid keeping Personal Information, unless you are required to do so by law (smaller business owners have more flexibility in deciding what to keep and how and where to keep it);
- If you must maintain Personal Information (for instance, employee records generally contain social security numbers, which makes employee personnel files subject to the Security Program), be sure to isolate and protect those files; and
- Be sure your consultants, vendors and any other third parties who might have Personal Information as a result of their business transactions with you are in compliance (for instance, think about health insurance providers and payroll companies).
There are no small company exemptions from this new law, so small and large businesses alike are under the gun to begin outlining their plans. As always, I have identified resources to assist my clients with a new challenge and they include employment lawyers and technology consultants whose skills can help guide you through.
And, as always, I urge you not to wait until December to begin... the smart business owners have already carved out reasonable time and resources for this work. Remember, with the Attorney General's Office enforcement team breathing down your neck, voluntary compliance is always easier than involuntary!
Complying with the New Data Security Law - To learn more about this author, visit Marijo McCarthy's Website.