Massachusetts Data Protection Law: 201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth
sponsored by Lumension

In the first ten months after a new Massachusetts identity theft law took effect in late 2007, the Office of Consumer Affairs and Business Regulation reported that over 625,000 residents of the Commonwealth had been directly affected by a data breach of their personally identifiable information (PII). Of these, about 60% were the result of criminal or unauthorized acts, and the remainder were due to employee error or "sloppy internal handling" of PII. To help mitigate the negative impacts of this identity theft problem, Massachusetts passed a new law that requires any organization that "owns, licenses, stores, or maintains personal information about a resident of the Commonwealth" to follow a comprehensive set of information security requirements.

This new set of regulations (201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth), initially released in September 2008 and then updated in early 2009, defines personal information as first name (or initial) and last name in combination with one or more of the following: SSN; driver’s license or state-issued ID card number; financial account number, or credit or debit card number, with or without any required security code, access code, PIN or password. There is an exception for publicly available information. The regulation takes state data protection laws into some unprecedented areas, such as mandating the use of encryption to protect PII (whether in transit or at rest) and the use of regularly patched and up-to-date operating system, anti-virus / anti-malware, and firewall software.

According to section 17.01(2), the provisions of this regulation apply "to all persons who own, license, store or maintain personal information about a resident of the Commonwealth." This means that all businesses, whether in-state or out-of-state, that store personal information about a resident of the state of Massachusetts will need to implement a comprehensive information security program.

Read this whitepaper to learn more about the new regulations in Massachusetts and what they mean to your organization.

(THIS RESOURCE IS NO LONGER AVAILABLE.)
 
Available Resources from Lumension
White Paper: Healthcare organizations face a host of HIPAA Security Rule compliance challenges with the move to put patient medical records online. Lumension helps organizations address these compliance challenges by providing the proactive IT risk management and the required audit readiness to meet many aspects of the HIPAA Security Rule.
Posted: 19 Oct 2009 | Published: 19 Oct 2009





All Rights Reserved, Copyright 2000 - 2009, TechTarget | Read our Privacy Statement