Wednesday, October 29, 2008

New Protection of Information Law goes into effect January 1, 2009

A new law going into effect on January 1, 2009 will affect just about all businesses in Massachusetts: 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth. http://www.mass.gov/?pageID=ocamodulechunk&L=1&L0=Home&sid=Eoca&b=terminalcontent&f=idtheft_201cmr17&csid=Eoca

Basically, every business with employees and every business that accepts credit card payments will be affected (this essentially includes ALL businesses). The regulation states that “Every person that owns, licenses, stores or maintains personal information about a resident of the Commonwealth shall develop, implement, maintain and monitor a comprehensive, written information security program applicable to any records containing such personal information. Such comprehensive information security program shall be reasonably consistent with industry standards, and shall contain administrative, technical, and physical safeguards to ensure the security and confidentiality of such records”. We’ll be working with clients over the next two months to help as needed. On the technology side, the general things businesses need are a network firewall, encryption of wireless networks, strong password protection of networks and systems, and encryption of personally identifiable information.
