Group items tagged

As if banks didn't have enough on their plates with compliance and regulation on the federal front, come May 1, they will have to be mindful of strict new rules coming from the Commonwealth of Massachusetts around data security. The Massachusetts Data Security Regulations are perhaps like no other in terms of their depth and scope. During a teleconference, attorneys from the privacy and data security practice of the law firm Goodwin Procter (Boston) described this very detailed, all-encompassing set of rules designed to keep consumers' personal data safe. They go beyond the rules of other states and the federal government that simply require companies to notify their customers of theft of their personal information. "Personal information," for the purposes of the regulation, is described as someone's first and last name or first initial and last name, in combination with Social Security Number, driver's license number or financial account number. At its core, the regulation states that companies, including banks, that handle the personal data of a Massachusetts resident must show they have in place a comprehensive, written information security program with heightened security procedures around how this information is handled. The rules also extend to entities' service providers and the degree to which they too much show they comply with the Massachusetts rules of handling data on residents. Companies have until May 1 to amend their vendor contracts to reflect this and until Jan. 1, 2010 to certify their vendors comply. Furthermore, companies must comply with these rules even if they do not have a single office in the Bay State or if they are in an already heavily regulated industry, like financial services. As long as customers in businesses' databases reside in Massachusetts, those companies are affected by the rules. According to partner Deborah Birnbach, this is some of the most intrusive legislation as it relates to the operation of businesses. "It requires

I. INTRODUCTION The globalization revolution is undeniably well underway. Some of the primary leaders of the revolution are the off-shoring outsourcers of the world in search of readily available talent at prices below what is available in the traditional geographical outsourcing centers. Certainly, U.S. companies seeking information technology resources--as well as those looking for human resources to support the ever-growing customer care requirements of their business--are at the forefront of the movement. Some of those companies are seeking their own solutions, but many have turned to business process outsourcing companies for assistance. Business process outsourcing is, generally speaking, the contracting of a specific business task to a third party service provider. Processes that are best suited to be outsourced are those that a company requires but does not depend upon to maintain its position in the marketplace. There are two primary categories of business process outsourcing. One category is commonly referred to as "back office outsourcing" which includes internal business functions such as billing or purchasing. The other category is commonly referred to as "front office outsourcing" which includes customer-related services such as marketing, customer contact management, and technical support. The globalization of business in general has resulted in the need for companies to be able to provide support to their customers in many different languages. At the same time, developments in technology have provided the ability for business process outsourcers to provide a cost effective global delivery platform. The convergence of the need for a portfolio of services to be sourced globally with the ability of business process outsourcers to do so on a cost effective basis has driven the outsourcers to geographic locations previously ignored by most business sectors. By many estimates, there are currently off-shore outsourcing vendors in more than 175 different

Dropbox's efforts are so potentially meaningful because the FTC states that, among its chief priorities for any federal rules, are clear, reader-friendly contractual language and privacy policies. While Google is fighting such efforts with lobbyists, Dropbox is giving an example of how to cut legalese from a contract and let users know exactly what they're signing up for.

"Can personal medical data that has been stripped of its identifiers to protect privacy later be used to identify a specific person? That is the question that the Health and Human Services Department is hoping a research contractor can answer. HHS intends to hire a contractor to demonstrate either the "ability or inability" to re-identify data from a data set that has been de-identified under the Health Information Portability and Accountability Act (HIPAA) Privacy Rule, according to a Jan. 4 notice on the Federal Business Opportunities Web site. De-identification and re-identification of patient data have become hot issues in the discussion about how to protect patient privacy while advancing adoption of electronic health records. The Obama administration is distributing at least $17 billion in incentive payments to doctors and hospitals who buy and use digital systems for medical data."