If you are a small business owner who does business in Massachusetts and you have not yet heard of the new Massachusetts data security and privacy laws known as 201 CMR 17, then you need to get up to speed quickly as this law has gone into effect and the compliance deadline has passed at the end of the first quarter of 2010. Please be advised that we strongly recommend that you consult with a qualified attorney as well as your IT staff or trusted IT service provider to help you comply with the laws.
A summary of these new regulations can be found here on the Commonwealth’s web site: 201 CMR 17.00 (PDF)
It is important to understand the impetus behind these laws and what caused the state to take such sweeping action. The TJX breach of 2007 was the major wakeup call that put these regulations into motion. For months, sensitive information was being stolen from this company without anyone in management knowing what was happening. When it was finally discovered, there were over 94 million records that were compromised!
After a series of similar incidents, Massachusetts has come down harder on this issue than any state in the union, because legislators don’t want such breaches to happen at any scale, and neither should you, since these are our credit card numbers (and other personal information) that are being stolen and potentially used for identity theft.
For organizations that conduct any business in Massachusetts, whether they have physical locations in the state or not, and businesses that handle the personal information (SSN, driver’s license number, address and phone number, credit card info, financial account info) of any Massachusetts residents, the state mandates specific assets, processes and performance. If you think about it, that affects everyone from the corner pizza parlor that takes credit cards all the way to the biggest insurance carrier.
The regulations, in summary, require your business to:
- Take the necessary steps to protect personal information, both physically and electronically
- Comply with specific computer security requirements and put resources into place if they don’t exist
- Have the ability to know when a breach happens and report it to the state if it does
- Have a written plan that describes your policies and procedures with respect to info security
- Have a designated go-to person in the company for compliance with these regulations
- Train your employees on these policies and procedures
- Require similar performance from all your relevant vendors
- Monitor your systems and have them audited for continued compliance
The regulations provide much more detailed information and definitions of terms, and we highly recommend you look them over. The state promises to impose heavy fines and penalties on companies that do suffer a breach while not in compliance with the laws. Risks of non-compliance include:
- Audit and penalties by the state
- Loss of goodwill and reputation
- Consumer lawsuits – torts by individuals whose information has been compromised
Please don’t do what I heard a business owner tell me the other day. He said, “Well, if I don’t do anything, then I won’t know if a breach happens, therefore I can’t report what I don’t know, so I’m good!”
If you still want to own a business after a data breach, I suggest you don’t take this person’s advice. It will be tough enough to make up for your lost reputation when your clients find out you caused their sensitive data to be compromised. For a quick look at businesses that have reported a breach, check out the ID Theft Center.
If you haven’t done your 201 CMR 17 compliance project, it’s not too late! Find a service provider with demonstrable 201 CMR 17 compliance experience, or better yet, a consortium of service providers representing the IT/technical, legal and security aspects of compliance, and protect your small business today so you can get back to work with peace of mind.
