Complimentary Webinar - Massachusetts Data Security Regulations: A Plan for Compliance

Beginning March 1, 2010, businesses will be required to safeguard personal information about Massachusetts residents from identity theft and other dangers under a “written information security program” or WISP. Similar requirements exist in other states around the country, although those requirements generally are not as comprehensive as those becoming effective in the Bay State.

Our complimentary webinar is designed to help employers and businesses become compliant. The program will cover:

  • the emergence of data security mandates across the country,
  • the Massachusetts approach to data security – breach notification, data destruction, the nuts and bolts of the identity theft/data security regulations, and
  • best practices when creating a WISP.

We hope you enjoy the webinar.

The Final, Final Massachusetts Data Security Regulations and a Checklist for Compliance


The Massachusetts Office of Consumer Affairs and Business Regulations (OCABR) announced on November 4, 2009, the filing of final regulations (pdf) with the Secretary of State’s office, the final step before the regulations take effect March 1, 2010.

The final regulations differ slightly from the version of the regulations issued in August 2009, which made significant revisions to the earlier version of the rules.

OCABR clarified in the final regulations that:

  • those who store personal information must comply, and
  • until March 1, 2012, contracts with service providers will be deemed to satisfy the contract requirement, even if the contract does not require the service provider to maintain appropriate safeguards, as long as the contract was entered into no later than March 1, 2010. However, it is recommended that contracts with service providers be amended as soon as possible to require appropriate safeguards, as there may be similar requirements under federal or applicable state law (such as HIPAA or data security laws in Maryland, Oregon or Nevada). 

While the regulations have had a number of changes, the written information security program requirement remains, along with a number of other safeguards for personal information that require immediate attention. 

A checklist for the final regulations can be found here (pdf). 

WISP: Do You Have a Plan for Your Company's Sensitive Information?

Data privacy and security laws in states such as Massachusetts, Maryland and Nevada require businesses to develop written policies and procedures that provide administrative, physical, and technological safeguards to protect personal information, known as a "written information security program" or "WISP." These laws do not require protections for confidential company information and trade secrets, but such information also warrants protection.

Failure to develop a WISP can leave a business exposed.

Certain businesses also can lose a business advantage as individuals (clients, employees, dependents, and others) and business partners increasingly demand heightened security of their sensitive and personal information.

But where does a business start?

 

Don't wait any longer! Develop a plan by reading the Data Privacy Primer (PDF).