Safeguarding personal information on a Mass. resident
On March 1, 2010, MA 201 CMR 17.00 will come into effect. It mandates minimum standards for securing both paper and electronic records that contain personal information about a Massachusetts resident. It requires organizations to implement written programs for the protection of personal information, and these programs include employee training requirements.
Purpose
Personal information must be protected from the rising incidence of fraud and identity theft. Personal information is defined as:
- Resident's first name and last name, or first initial and last name, in combination with any one or more of the following data:
  - Social Security number
  - Driver's license number
  - Massachusetts identification card number
  - Financial account number
  - Credit or debit card number, with or without any required security code, access code, personal identification number or password that would permit access to a resident's financial account.
Scope
This regulation applies to every person who owns or licenses personal information about a resident of the Commonwealth.
Your business may not be located in Massachusetts, but if you have customers, vendors and employees who are located there, and for whom you maintain such personal records, you are affected by this regulation and must be compliant by March 1, 2010.
Your Action Item
If your business is affected by this regulation, then your action item is to develop and implement a written information security program, and to establish a security system covering your business's computers and physical files that contain the personal information of Massachusetts residents.
If you need help with this task, call us at 508-393-7731 and we'll be happy to assist you.

WAC Consulting Group
367 West Main Street
Northborough, MA 01532

Robert Distler
rdis@wacinc.com