Skyrope's Business Transformer Blog

Massachusetts Data Security & Privacy Laws – 201 CMR 17 – What Small Businesses Must Do for Compliance

If you are a small business owner who does business in Massachusetts and you have not yet heard of the new Massachusetts data security and privacy laws known as 201 CMR 17, then you need to get up to speed quickly: this law has gone into effect, and the compliance deadline passed at the end of the first quarter of 2010. We strongly recommend that you consult with a qualified attorney as well as your IT staff or trusted IT service provider to help you comply with the laws.

A summary of these new regulations can be found here on the Commonwealth’s web site: 201 CMR 17.00 (PDF)

It is important to understand the impetus behind these laws and what caused the state to take such sweeping action. The TJX breach of 2007 was the major wake-up call that put these regulations into motion. For months, sensitive information was being stolen from this company without anyone in management knowing what was happening. When it was finally discovered, over 94 million records had been compromised!

After a series of similar incidents, Massachusetts has come down harder on this issue than any state in the union, because legislators don’t want such breaches to happen at any scale, and neither should you, since these are our credit card numbers (and other personal information) that are being stolen and potentially used for identity theft.

For organizations that conduct any business in Massachusetts, whether they have physical locations in the state or not, and businesses that handle the personal information (SSN, driver’s license number, address and phone number, credit card info, financial account info) of any Massachusetts residents, the state mandates specific assets, processes and performance. If you think about it, that affects everyone from the corner pizza parlor that takes credit cards all the way to the biggest insurance carrier.

The regulations, in summary, require your business to:

  1. Take the necessary steps to protect personal information, both physically and electronically
  2. Comply with specific computer security requirements and put resources into place if they don’t exist
  3. Have the ability to know when a breach happens and report it to the state if it does
  4. Have a written plan that describes your policies and procedures with respect to info security
  5. Have a designated go-to person in the company for compliance with these regulations
  6. Train your employees on these policies and procedures
  7. Require similar performance from all your relevant vendors
  8. Monitor your systems and have them audited for continued compliance

The regulations provide much more detailed information and definitions of terms, and we highly recommend you look them over.  The state promises to impose heavy fines and penalties on companies that do suffer a breach while not in compliance with the laws.  Risks of non-compliance include:

  • Audit and penalties by the state
  • Loss of goodwill and reputation
  • Consumer lawsuits – torts by individuals whose information has been compromised

Please don’t do what I heard a business owner tell me the other day. He said, “Well, if I don’t do anything, then I won’t know if a breach happens, therefore I can’t report what I don’t know, so I’m good!”

If you want to still own a business after a data breach, I suggest you don’t take this person’s advice. It will be tough enough to make up for your lost reputation when your clients find out you caused their sensitive data to be compromised. For a quick look at businesses that have reported a breach, check out the ID Theft Center.

If you haven’t done your 201 CMR 17 compliance project, it’s not too late! Find a service provider with demonstrable 201 CMR 17 compliance experience, or better yet, a consortium of service providers representing the IT/technical, legal and security aspects of compliance, and protect your small business today so you can get back to work with peace of mind.
