Data Encryption and Legal Compliance
On March 1, 2010, legislation entitled "Standards for the Protection of Personal Information of Residents
of the Commonwealth" (MGL 201 CMR 17.00) went into effect. This law applies to all businesses
that operate in Massachusetts as well as businesses throughout the country that maintain or transmit
personally identifiable information (PII) on Massachusetts residents.
The law applies whether your business has just one computer or 500 computers.
What Is Personally Identifiable Information?
Stated simply, PII is the combination of first or last name, or initials, along with Social Security number,
driver's license number, state-issued ID card number, financial account number, credit card number or
debit card number. As an example, if you keep records anywhere on your network, such as in QuickBooks
or even in an Excel spreadsheet, that contain information like "John Doe with credit card number
123-456-789-012," then you are subject to these regulations.
What Do You Need To Do?
The new law provides standards that you need to follow. For example, all PII must be stored in an encrypted format on any portable medium such as laptops, certain types of handhelds and flash drives, or when being transmitted through an unsecured medium such as the Internet. Note that password protection does not qualify as protection; the data must be "transformed" through encryption.
In addition to data encryption, the law also states that your business must create and maintain a written information security plan (WISP), a detailed document describing your policies and procedures. You're also obligated to designate a Data Security Coordinator, maintain specific levels of network protection, document your account management processes and much more.
Failure to comply with the new law can result in serious financial penalties as well as a loss of public confidence. Are you prepared?
How Can Fieldbrook Solutions Help My Business?
Fieldbrook has studied the law and its intricacies so that it can offer a full solution to those organizations that need to prepare their infrastructure and business practices to be in compliance. Fieldbrook will work with you to identify and remediate those areas that need enhanced security, deploy an appropriate encryption solution, and prepare and deliver the WISP.
Contact us to find out what steps your business must take to be in compliance with the new law: