Are You Ready for March 1st?

Are You in Compliance with the New Massachusetts Privacy Law?
As you are likely aware, the new Massachusetts Privacy Law, 201 CMR 17.00, regarding the protection of personal information may impact you and the way you conduct business. Below are some rough guidelines to the new legislation:
The new regulations are intended to apply to "all persons that own, license, store or maintain personal information about a resident" of Massachusetts. Personal information is defined as first and last name, or first initial and last name, in conjunction with any one or more of the following:
- Social security number
- Driver's license number (or state-issued ID card number)
- Financial account number or credit or debit card number
While the first part of the regulation requires the implementation of a comprehensive written security program, the second imposes certain security system requirements for computer and wireless networks. These regulations are quite tough and will most likely require businesses to revise existing information security programs and policies, or create new ones, in order to comply by the effective date of March 1, 2010.
What Must Be Included in Your Security Plan:
- Identification and assessment of risks.
- Evaluation and improvement of the effectiveness of safeguards.
- Development of security policies for employees.
- Taking reasonable steps to verify third-party service providers have the capacity to protect information.
- Obtaining from third-party service providers a written certificate that they are in compliance.
- Limits on the amount of personal information collected, the time such information is retained, and the access to such information.
Penalties for Non-Compliance:
Violators may be subject to a $5,000 civil penalty for each violation.