by Administrator
2. March 2010 14:47
As you are hopefully aware, as of March 1, the new Massachusetts regulations issued by the Office of Consumer Affairs and Business Regulation (OCABR) regarding the security of private information are now in effect. This important regulation is referred to as 201 CMR 17:00, “Standards for the Protection of Personal Information of the Residents of the Commonwealth,” and it affects all business entities that collect or retain any personal information of Massachusetts residents.
The law mandates that all businesses develop a Written Information Security Program (WISP) and provide monitoring and training as part of the plan. By now you should have prepared a WISP that specifies your policies and your plan for securing private information in your possession, whether in paper or electronic form.
If you have not yet prepared your WISP and would like to know more about this new regulation, KDSA can assist you in your compliance effort. Your approach should include the following steps:
a. Appoint a designated person to maintain the information security program.
b. Inventory all private information that is collected, retained, or sent to third-party providers.
c. Assess how such data is secured now and identify any ‘gaps’ in security to be corrected.
d. Write your WISP plan.
e. Certify the compliance of third-party service providers and vendors.
f. Train employees.
g. Maintain, monitor and test the plan.
From an IT perspective, the new regulations mandate the encryption of mobile devices such as laptops, USB flash drives, and smartphones that have personal information stored on them. Among other measures, businesses must now implement ‘strong’ passwords and maintain reasonably up-to-date firewall protection. Additionally, data backups containing personal information that are stored at offsite locations must now also be encrypted.
There are many more directives outlined in the new regulations. To assist our clients, KDSA offers a variety of consulting services and training seminars to help your staff understand the new requirements and implement your WISP effort. These services range from facilitating your compliance team to training your employees. We would be happy to discuss with you how your WISP is progressing and to provide any assistance you may need to become fully compliant. Additionally, please visit our website (www.kdsaconsulting.com) for information regarding our upcoming Compliance Seminars on March 16th and March 31st.
Please feel free to contact me directly by email at dreczek@kdsaconsulting.com or by phone at 978-852-1812 if I can be of any assistance.