If you are a small business owner who does business in Massachusetts and you have not yet heard of the new Massachusetts data security and privacy laws known as 201 CMR 17, then you need to get up to speed quickly as this law has gone into effect and the compliance deadline has passed at the end of the first quarter of 2010. Please be advised that we strongly recommend that you consult with a qualified attorney as well as your IT staff or trusted IT service provider to help you comply with the laws.
A summary of these new regulations can be found on the Commonwealth’s web site: 201 CMR 17.00 (PDF)
It is important to understand the impetus behind these laws and what caused the state to take such sweeping action. The TJX breach of 2007 was the major wake-up call that put these regulations into motion. For months, sensitive information was being stolen from this company without anyone in management knowing what was happening. When it was finally discovered, there were over 94 million records that were compromised!
After a series of similar incidents, Massachusetts has come down harder on this issue than any state in the union, because legislators don’t want such breaches to happen at any scale, and neither should you, since these are our credit card numbers (and other personal information) that are being stolen and potentially used for identity theft.
For organizations that conduct any business in Massachusetts, whether they have physical locations in the state or not, and businesses that handle the personal information (SSN, driver’s license number, address and phone number, credit card info, financial account info) of any Massachusetts residents, the state mandates specific assets, processes and performance. If you think about it, that affects everyone from the corner pizza parlor that takes credit cards all the way to the biggest insurance carrier.
The regulations, in summary, require your business to:
- Take the necessary steps to protect personal information, both physically and electronically
- Comply with specific computer security requirements and put resources into place if they don’t exist
- Have the ability to know when a breach happens and report it to the state if it does
- Have a written plan that describes your policies and procedures with respect to info security
- Have a designated go-to person in the company for compliance with these regulations
- Train your employees on these policies and procedures
- Require similar performance from all your relevant vendors
- Monitor your systems and have them audited for continued compliance
The regulations provide much more detailed information and definitions of terms, and we highly recommend you look them over. The state promises to impose heavy fines and penalties on companies that do suffer a breach while not in compliance with the laws. Risks of non-compliance include:
- Audit and penalties by the state
- Loss of goodwill and reputation
- Consumer lawsuits – torts by individuals whose information has been compromised
Please don’t do what I heard a business owner tell me the other day. He said, “Well, if I don’t do anything, then I won’t know if a breach happens, therefore I can’t report what I don’t know, so I’m good!”
If you still want to own a business after a data breach, I suggest you don’t take this person’s advice. It will be tough enough to make up for your lost reputation when your clients find out you caused their sensitive data to be compromised. For a quick look at businesses that have reported a breach, check out the ID Theft Center.
If you haven’t done your 201 CMR 17 compliance project, it’s not too late! Find a service provider with demonstrable 201 CMR 17 compliance experience, or better yet, a consortium of service providers representing the IT/technical, legal and security aspects of compliance, and protect your small business today so you can get back to work with peace of mind.
