MANAGEMENT MOXIE Nimble News

YOU TALKING TO ME?
YES, THE NEW LAW REQUIRING AN INFORMATION SECURITY PLAN APPLIES TO EMPLOYERS

THE REGULATION
The state of Massachusetts has enacted a new regulation regarding the protection and storage of paper and electronic information. The regulation (201 CMR 17.00) applies to all employers who “own, license, store or maintain personal information about a resident” of Massachusetts. Originally slated to take effect January 1, 2009, the regulation now has a compliance timeline of May 1, 2009; the delay was attributed to intervening economic circumstances.

COMPLIANCE
Employers must have an information security program in writing by April 30, 2009. The plan must:
  • detail measures adopted to safeguard information;
  • designate at least one person to manage the security program;
  • impose disciplinary measures for violations of the program;
  • prevent terminated employees from accessing information;
  • limit the amount of personal information, the time it is retained, and access to it;
  • monitor security to prevent unauthorized use;
  • document all incidents involving breach and all corrective actions taken as a result.
The new regulation also contains a provision covering electronic documents, which obligates employers to:
  • implement user ID and password protocols;
  • restrict access to electronically stored information to essential personnel for necessary business purposes only;
  • monitor the electronic records for unauthorized access and security risks;
  • upgrade safeguards and protection (firewalls, encryption software) as needed.

FINAL THOUGHT
Businesses that fail to comply with these regulations can be subjected to fines from the state and will be at greater risk of monetary liability to any person whose personal information is stolen. We recommend that you implement a written plan detailing the measures of your security program before the May 1, 2009 deadline. Moreover, you may need to check with your IT services to ensure that your computer protections are up to date.

WE CAN HELP

You can reach us at 508.548.4888 or info@foleylawpractice.com





© 2008 FOLEY & FOLEY, PC, ALL RIGHTS RESERVED

 
