Ma 201 Cmr 17 .pliance Nengroup Message About Preparing For The Massachusetts Data Privacy Act-txplatform

Many small businesses believe that they are exempt from the Massachusetts Data Privacy Act (201 CMR 17); the perception is that the law is geared to retailers and financial institutions, whose day to day operation involves the gathering and sharing of large amounts of personal information. A few simple questions should convince you that you are most likely NOT exempt, and that your business must comply. Do you have any employees? Do you receive payments from individuals, whether check or credit card? Do you need to send out 1099s? If you answered yes to any or all of these questions, then you have personal information in your possession, and therefore must bring your business into compliance. Massachusetts has recently revised the 201 CMR 17 law, and there is much good news for businesses: The effective date for 201 CMR 17 is now March 1, 2010 The application of the regulations to those that "own or license" personal information about Massachusetts residents versus their service providers has been more clearly described. The Regulations now take a "risk-based" approach that allows a business to take into account their size, scope, amount of resources, nature and quantity of data collected or stored, and the need for security, in determining how to implement the requirements. The definition of encryption is now technologically neutral, and all computer security system requirements only need be applied "to the extent technically feasible." According to the Massachusetts Office of Consumer Affairs and Business Regulation, this means "that if there is a reasonable means through technology to accomplish a required result, then that reasonable means must be used." Businesses must "take reasonable steps to select and retain" third-party service providers capable of maintaining security measures consistent with the Regulations, and bind them by contract to implement and maintain them. These changes are going to make 201 CMR 17 compliance easier. However the deadline is now less than six months away. Businesses may want to start the hard work that needs to be done now. Write a 201 CMR 17 Comprehensive Information Security Program, with the aid of an attorney. We have provided a model for you to follow. Implement a strong password policy. Passwords need to be impossible to guess and should include letters, both upper and lower case, numbers and symbols. Secure Email so that personal information can not be sent out on the Internet unless it is encrypted. Encrypt laptops and other portable devices in a method that doesn’t interfere with a user’s ability to read and create documents. Have a system to maintain up to date security patches, antivirus, malware, and firewalls for all computer equipment. Then ask who what why when where: WHO: Choose a point person. Having a designated driver will make the complicated process more efficient and more effective. And make sure they have the resources needed to get the job done. WHAT: What are the potential risks? Identify any foreseeable risks to Personal Information and come up with a plan to eliminate or reduce those risks WHY: Educate and Train all employees about the importance of protecting Personal Information and Computer Network Security WHERE: Identify where Personal Information comes from, where it is stored, how it is utilized and by whom. HOW: How are you going to get this done? Decide if internal resources are enough or is an outside network firm needed to create a reasonable secure network WHEN: Now is the time to start tackling these tasks. We have compiled a check list to help you through the process. There are a number of resources available to help small businesses with their questions and concerns on this law that aims to protect them, their customers and their employees. The Massachusetts Office of Consumer Affairs and Business Regulation created these regulations and can be helpful. Please call me at 781 362 1199 or toll free at 800 696 2309. Or you can email me at [email protected] I will be happy to set up an appointment to guide you through this process. About the Author: A full-service managed IT service provider to hundreds of New England area businesses for nearly 15 years, New England Network Group, Inc. (NENGroup) offers a array of IT solutions to help local companies adhere to the upcoming 201 CMR 17 compliance deadline (Massachusetts’ Comprehensive Identity Theft Prevention Regulation – 201 CMR 17). Article Published On: ..articlesnatch.. – Web-Hosting 相关的主题文章: