
Complying with the New Data Security Law





As you know, I rarely devote a monthly newsletter to outlining changes in laws (other than to comment on their practical application through my clients' real experiences).

Why not? First of all, it's boring. Secondly... it's boring! Well, boring or not, a new law has been bestowed upon the business community by the Great and General Court of the Commonwealth of Massachusetts that is so important, I feel compelled to share the details.

As the year goes on, you will no doubt hear more about this requirement, so please consider this an introduction and a gentle nudge in the direction of beginning the process. Without further ado, I share with you an outline of the strictest law in the United States on protecting personal information of residents.

New Rules on Data Protection in Massachusetts

201 CMR 17.00: "Standards for the Protection of Personal Information of Residents of the Commonwealth" (issued under MGL C. 93H, Section 3... signed 8/07)

What Is it?

The regulations have been issued by the Commonwealth of Massachusetts Office of Consumer Affairs and Business Regulation in order to implement a law signed by Governor Deval Patrick in August of 2007 whose goal is to require employers to safeguard personal information of employees and customers.

When is it Effective?

The effective date has twice been moved back -- from January 1, 2009 to May 1, 2009, and again to January 1, 2010 -- both times to give companies additional time to prepare.

What Does It Require and Who Must Comply?

The law requires that every person (defined as an individual, a corporation, an association, a partnership or other legal entity) maintaining documents or electronic data that contain Personal Information develop a comprehensive written Security Program to protect that Personal Information.

What Constitutes Personal Information?

Personal Information is a Massachusetts resident's name (first and last name or first initial and last name) combined with one or more of the following:

- a social security number; or

- a driver's license or state-issued ID card number; or

- a financial account number, or credit or debit card number.

What should be included in the Security Program?

Small business owners may visit www.mass.gov/consumer for a sample guide to assist with the process of developing their company's comprehensive written Security Program and a Compliance Checklist to be sure the Security Program is compliant with the new regulations. You don't have to have the most perfectly written program -- just be sure you have one.

What do I do after I create our Security Program?

- If possible, avoid keeping Personal Information, unless you are required to do so by law (smaller business owners have more flexibility in deciding what to keep and how and where to keep it);

- If you must maintain Personal Information (for instance, employee records generally contain social security numbers, which makes employee personnel files subject to the Security Program), be sure to isolate and protect those files; and

- Be sure your consultants, vendors and any other third parties who might have Personal Information as a result of their business transactions with you are in compliance (for instance, think about health insurance providers and payroll companies).

There are no small company exemptions from this new law, so small and large businesses alike are under the gun to begin outlining their plans. As always, I have identified resources to assist my clients with a new challenge and they include employment lawyers and technology consultants whose skills can help guide you through.

And, as always, I urge you not to wait until December to begin... the smart business owners have already carved out reasonable time and resources for this work. Remember, with the Attorney General's Office enforcement team breathing down your neck, voluntary compliance is always easier than involuntary!


About the Author: Marijo McCarthy

Marijo McCarthy is principal of Widett and McCarthy, a Boston-area law firm that helps small business owners grow their businesses with pragmatic legal advice, mentoring and a solid team of professional advisors.