Posted by Daryl Rinaldi on Mon, Jan 18, 2010 @ 06:18 PM
Data privacy is a hot topic these days. The new privacy regulations (201 CMR 17:00) by the Massachussetts Office of Consumer Affairs and Business Regulation are going into effect March 1st, 2010. These regulations cover any business that stores personal information about Massachusetts residents. Your Boston-area IT Support firm or IT Department should be knowledgeable on the specific requirements of the regulations. Some important things to consider:
- Even if you don't collect customer personal information, if you keep your employees' Social Security Numbers then you are covered by these regulations.
- There is no technological silver bullet. These regulations require you to adopt certain business practices now.
- You have to create a Written Information Security Program (WISP).
- You have to appoint an Information Security Manager to maintain the WISP.
- As part of the WISP you must inventory reasonably foreseeable security risks and the WISP should address those risks.
- The first step is to actually inventory the personal information (see our white paper for the definition of "personal information") your company keeps. You may be surprised at all the places this information resides.
- These regulations apply to personal information on paper as well as in electronic form. If you don't already have locking filing cabinets you should get them now.
- The regulations have some specific requirements about your computer systems, your password security, and data encyption. Download our white paper for a more detailed discussion of the computer system requirements.
GizmoFish has prepared a helpful White Paper called "10 Things You Must Know About the New Massachusetts Data Privacy Regulations." Click -> here to download this paper