
WPPS C-Suite News: Group items tagged Massachusetts

sandy ingram

Nation's toughest personal info law about to take effect -- Government Computer News

  • Businesses that hold personally identifiable information on Massachusetts residents have one month to comply with what security experts are calling the toughest data security requirements in the nation. The Massachusetts Data Breach Law, passed in 2007, goes into effect March 1 and requires personal information in networked systems to be protected with strong encryption, firewalls, antivirus and access controls.
  • The law was written in response to the theft of information on more than 45 million credit card accounts from TJX Companies in 2007.
  • The law is designed to ensure “the security and confidentiality of customer information,” based on current industry standards, focusing on threats that can or should be anticipated. The regulations take into account the size of a business, the amount of resources available to it, the amount of personal data held and the sensitivity of the data. It covers paper and electronic records and requires physical and IT security.
  • written information security plan (WISP). “Ninety percent of the clients I deal with on this law do not have a WISP.”
sandy ingram

Smaller companies challenged to comply with Massachusetts' data privacy rules - Mass Hi...

  • The regulations, which went into force in March, are intended to protect a consumer’s personal information from identity theft and other privacy breaches and to spell out steps that businesses must take to ensure data is secured. Some large companies — particularly those in the finance and health care industries that are already subject to data security laws like the Health Insurance Portability and Accountability Act (HIPAA) — had privacy measures in place, which helped get them ready for Massachusetts’ regulations. However, for many smaller and midsize companies that have not been subject to data security laws before, complying with the rules is a longer and often more painful process.
  • some businesses that are complying with privacy regulations for the first time and have limited in-house technology expertise “are running around with their hair on fire, trying to figure out what to do first,”
  • “We’ve seen a substantial uptick in activity in clients seeking guidance in how to comply,” said Carlos Perez-Albuerne, a partner at Choate Hall & Stewart LLP. “There’s a whole swath of businesses that never had to deal with anything like this before.”
  • Under the regulations, organizations — no matter where they are based — that store personal information about Massachusetts residents have to write security policies detailing how the data will be protected, encrypt the data when it is stored on laptops or other portable devices or transmitted over public networks, and monitor their systems for breaches.
  • Believed to be among the most stringent data privacy regulations in the U.S., the rules have lawmakers and businesses taking note. The regulations are now driving computer security policy agendas across the country, said Mark Schreiber, a partner at Edwards Angell Palmer & Dodge who chairs the firm’s privacy and data protection group. “The impact is much broader than we ever imagined. Who would have thought it would have catalyzed so much activity?” he said. “This will be with us for decades or longer.”
  • Since March, Cutugno Court Reporting and Sten-Tel Inc., a Springfield-based firm that provides document management and transcription systems, has spent “easily into the six-figure realm” on technology and consulting services to comply with the privacy regulations, said Blake Martin, the company’s CIO.
  • To date, state regulators have not yet taken any public enforcement actions against organizations that have failed to comply with the rules. The state attorney general’s office, which is charged with enforcing the regulations, and the Office of Consumer Affairs and Business Regulation, which developed the regulations, have been focusing on compliance efforts, reaching out to trade groups, bar associations and others to spread the word.
  • "Eight months after the state's tough, new data privacy regulations went into effect, many businesses are still sorting through the rules and working to bring their firms into compliance."
sandy ingram

Data breach laws, e-discovery increase compliance duties

  • The Massachusetts law applies not only to businesses in the state but to any company that keeps personal data on the state's residents. George examines two parts of the law that are particularly notable because they require action to avoid breaches--not just notify victims after the fact.
  • Businesses are required to have a working information security program for protecting personally identifiable information, and they must submit a written information security program to the state. They also must encrypt data in motion and at rest, including information on portable devices such as USB drives, laptop computers and smartphones.
  • A second complicated--and evolving--area of compliance is e-discovery, which is the process of handing over electronically stored information requested during a lawsuit.
  • States are getting tougher when it comes to trying to protect their residents' personal data from breaches, and a new law in Massachusetts raises the bar by setting a fine of $5000 per record lost. As Randy George at InformationWeek reports, a company could be fined $1 million for losing one laptop with personal data on just 200 residents of the Bay State.