MANAGEMENT
MOXIE Nimble News
COMPLIANCE ALERT! GOOD NEWS FROM FOLEY & FOLEY, PC
First the good news--the 2009 version of the "Employer's Guide to Understanding
Massachusetts Workplace Law" is now available. We want to free you from
the burdens and risks of deciphering extensive labor and employment standards.
Workplace law continues to be dynamic, and much has changed in the last
two years: COBRA, the ADA, and the FMLA have each received makeovers;
discrimination laws in Massachusetts have expanded to the smallest employers;
practically any violation of Massachusetts wage and hour laws subjects
employers to mandatory treble damages with no available defense; there
are new leave rights for military families; President Obama extended
the statute of limitations for compensation discrimination claims by
signing the Lilly Ledbetter Fair Pay Act; caregiver discrimination became
a hot topic in today's workplace; the Employee Free Choice Act gained
momentum; any person (an individual, corporation, association, partnership
or other legal entity other than a division or authority of the Commonwealth)
that owns, licenses, stores or maintains personal information about a
resident of the Commonwealth must have a comprehensive written information
security program in place on or before January 1, 2010.
We hope the 2009 edition of our Guide helps you identify potential legal issues before they arise. Please click here to view and print the Guide.
Compliance Audit
Reminder – the Commonwealth enacted a new law regulating the protection and storage of paper and electronic information. Compliance must occur on or before January 1, 2010.
The term "person" includes a natural person, corporation, association, partnership or other legal entity other than a division or authority of the Commonwealth.
"Personal information" includes a resident's first name and last name or first initial and last name in combination with any one or more of the following: Social Security number; driver's license number; financial account number or credit or debit card number. It does not include information that is lawfully obtained from publicly available information.
The plan must:
- Detail measures adopted to safeguard information;
- Designate at least one person to manage the security program;
- Impose disciplinary measures for violations of the program;
- Prevent terminated employees from accessing information;
- Monitor security to prevent unauthorized use;
- Document all incidents involving breach and all corrective actions taken as a result;
- Implement user ID and password protocols for electronic documents;
- Restrict access to electronically stored information to central personnel;
- Monitor the electronic records for unauthorized access and security risks; and
- Upgrade safeguards and protection (firewalls, encryption software) as needed.
We have developed a comprehensive compliance program that includes a compliance audit and the preparation of a written information security plan. We have worked in tandem with IT specialist SMH Electronics to ensure that your computer system complies with the new encryption requirements.
You can reach us at (508) 548-4888 to request our assistance in achieving compliance.