Issue: # 43 March 1, 2010 
 
 
    
*****************Client Alert*****************

Massachusetts Data Security Law (MGL Chapter 93H)
 
Many of you may have received notifications about this new law, effective March 1, 2010. Just like you, we are trying to determine whether this applies to us and what we should do to be in compliance. It does, and we thought it would be helpful to share some of the information we have found.
 
As always, if you have any questions, email Bill or Vanessa. We hope you find these newsletters helpful. Please forward them to anyone who may find this of interest. To learn more about Advantage Benefits, click here.
  
Sincerely,
 

Bill Randell, CLU, CHFC             Vanessa Costa, CLU, CHFC
Advantage Benefits Group, Inc.
 
Mass Data Security  
Laws and Regulations
 
On November 4, 2009, the Office of Consumer Affairs and Business Regulations (OCABR) filed on their website the revised Massachusetts Data Security Regulations.  These regulations (201 C.M.R. 17.00) establish minimum standards for protecting and storing personal information about Massachusetts residents contained in paper and electronic format.  These regulations apply to any business or individual who owns, licenses, stores or maintains personal information about a Massachusetts resident.   Employers must comply by March 1st, 2010.
 
These regulations were developed in response to the recent high-profile dissemination of personal credit card information from well-known companies such as TJX and Stop & Shop. Per these regulations, personal information is defined as:
 
  • Last name and first name, or last name and first initial, and one of the following:
    1. Social security number
    2. Driver's license number or state-issued ID number
    3. Financial account information (including debit/credit card number)
 
Every company that handles personal information as defined above must have a written Comprehensive Information Security Program (CISP) to comply with these regulations.  Key components include:
 
  • Self-audit to understand specific information about the company's paper, electronic and other records which contain personal information
  • Development of security policies
  • Designation of a person(s) in charge, who will manage this program and update it annually
  • Definition of a protocol for actions taken in response to a security breach
  • Annual training on this policy and the company's overall Data Security Program
 
We recommend that you do the following:
 
  1. Write up a formal Comprehensive Information Security Program (CISP). For an example, click here. The sample is very good, and the steps laid out within it should be followed. It addresses all of the components above.
  2. Encrypt any files that contain personal information.
  3. Add password access, with passwords that you change quarterly, to any computers that contain personal information.
 
Obviously you can do more than this, but at a minimum, this should get you in compliance.  
Ask Shelley 
Employee information only
Question:   I do not have any personal information on my clients like their social security number or driver's license number.   The only personal information that I have is that of my employees.   Am I subject to these regulations?  If so, what should I be doing? 
 
Answer:  Yes, even if you only have personal information on your employees, even if they are temps, you are subject to these regulations.
April 1st Renewal 
Big Renewal Date
 
Many small businesses renew April 1st. This is because some groups that go through an intermediary, like your local Chamber, MBA or SBSB, renew their contracts April 1st. If you have health insurance with any of these organizations, there is typically an annual membership fee. Many people join these groups thinking somehow they receive better rates.
 
Contact us. We will get competitive quotes from carriers like Blue Cross, who will let you go direct to them and avoid these membership fees.   All we need is a census for those on the health insurance:
 
  1. date of birth 
  2. single or family
 
That's it. Upon receipt, we will get you rates and send them back the same day or the very next. This year it is more important than ever to quote your health insurance, since the average renewal is a 20% increase.