In March of 2010, 201 CMR 17.00, or the Standards for The Protection of Personal Information of Residents of the Commonwealth was signed into law. Better known as the Massachusetts Data Protection Law, it outlines the security requirements for those organizations that handle the private data of state residents to follow. Does your business meet these requirements?
What Standards Does My Massachusetts Business Have to Meet?
The Data Protection Law outlines a few security standards that are critical to the success of your business. Putting it briefly, they are as follows:
- Any personal data your business collects must be encrypted.
- There must be policies dictating how both physical and digital records are kept and stored.
- Network security controls must be put in place.
- An organization must abide by risk management policies.
- Employees need to be trained in proper data security practices.
- Any data breaches and policy changes need to be documented.
- All third-party providers with access to data must maintain the same requirements.
What Else Must I Do?
In addition to these rules, House Bill No. 4806 was also signed into law. This amendment will help to ensure that any data breaches are reported to the affected parties and to state regulators. Notifications will be required to include a wide assortment of information, including:
- What information was compromised during a breach, including Social Security numbers, driver’s license information, any financial accounts, and other important personal data.
- The person responsible for the breach, if known.
- Who experienced the breach, and who is reporting it (along with any relationship the two share).
- If a written security program exists, and if it will be updated in response to the breach.
This law also dictates that an organization will need to provide 18 months of credit monitoring services (on their own dime) to those Massachusetts residents whose Social Security numbers were made vulnerable during the breach.
Is Your Business Compliant to These Regulations?
Datalyst can help to make sure it is. We can assess your network to ensure that these regulations are fulfilled. For more information, be sure to contact us at (774) 213-9701 or complete the form on the right.