Data privacy and security laws in states such as Massachusetts, Maryland and Nevada require businesses to develop written policies and procedures that provide administrative, physical, and technological safeguards to protect personal information - or a "written information security program" or "WISP." These laws do not require protections for confidential company information and trade secrets, but such information also warrants protection.
Failure to do develop a WISP can leave a business exposed.
Certain businesses also can lose a business advantage as individuals (clients, employees, dependents, and others) and business partners increasingly demand heightened security of their sensitive and personal information.
But where does a business start?
Don't wait any longer! Develop a plan by reading the Data Privacy Primer (PDF).