UBP blog

11/04/2009

You’re 201 CMR 17.00 compliant and that’s great but do you know how to stay compliant?

Filed under: Massachusetts encryption law — ubpblogger @ 9:24 am

As you may know, Massachusetts’ upcoming law Standards for the Protection of Personal Information of Residents of the Commonwealth (201 CMR 17.00), requires all businesses that “own, license, store and maintain” personal information on any Massachusetts resident to create and implement a Written Information Security Plan (WISP).

Your WISP needs to be comprehensive, and it must spell out all of your technical, physical and administrative safeguards for the personal information you hold. If your company already has a WISP and it’s good to go for March 1, you’re definitely one step ahead of the game. However, you’re not off the hook just yet. You’ll need to continuously re-evaluate your plan in order to stay compliant.

Q:  The Law requires companies to evaluate their WISP for comprehensiveness and effectiveness:

A)    Once every year

B)    Once every 5 years

C)    Every time business practices change in a way that impacts personal information security

D)    Both A and C 

A:  If you answered both A and C, then you are correct. Companies required to create and implement a Written Information Security Plan (WISP) are also required to annually evaluate it and re-train employees on it as well.

They are also required to do this whenever business practices change in a way that impacts personal information security. Here’s an example.

“Well we’re movin’ on up”

Let’s say a company is doing really well, is on a trajectory for growth and decides it needs to move to a new (and larger) building for more office space. At its former location, the HR department had a small office in which physical files containing employee personal information were stored. The door was only open when the HR Manager or her assistant were in the office working; at all other times it was locked, and only the two of them had the key.

At their new office building, a professional cleaning crew comes in every night and vacuums the floor of each office. Because of this, the HR Manager or her assistant would now need to secure all files containing employee personal information in locked file cabinets at the end of each day. They’ll also need to ensure that only the two of them have keys to this cabinet and that all of the above measures are added to their updated WISP.

Want to learn more about the law Standards for the Protection of Personal Information of Residents of the Commonwealth (201 CMR 17.00) and the many other things you must do to get your company compliant?

Register to attend one of our free 30-minute webinars:

