
What is 201 CMR 17:00?

Any business that owns or licenses personal information about a Massachusetts resident must comply with the Massachusetts identity theft protection regulation (201 CMR 17.00), whether or not the business is located in Massachusetts. The regulation applies to "all persons that own, license, store, or maintain personal information about a resident of Massachusetts" and sets minimum standards for safeguarding that information.

201 CMR 17.00 requires each such organization to develop, implement and maintain a comprehensive Written Information Security Program (WISP) that describes how it puts in place the administrative, technical and physical safeguards the regulation specifies.

Did you know?

201 CMR 17.00 takes effect on March 1, 2010, which leaves companies only a few months to bring themselves into compliance.

What is the definition of Personal Information?

Under the regulation (201 CMR 17.02), Personal Information is a Massachusetts resident's first and last name, or first initial and last name, in combination with any one or more of the following:

· Social security number

· Driver's license number or state-issued identification card number

· Financial account number, or credit or debit card number, with or without any required security code, access code, PIN or password that would permit access to the account

Personal Information does not include information lawfully obtained from publicly available sources, or from federal, state or local government records lawfully made available to the general public.
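As an added example (not code from the original page), the following Python script applies that definition to text records, which is a practical starting point for inventorying where personal information lives: it looks for a name in combination with a Social Security number or a Luhn-valid payment card number. The name heuristic, the card formats and the sample records are assumptions; driver's license formats vary by state and are not modeled, and the exclusion for lawfully public information still has to be applied by a person.

```python
import re

# Added example (not part of the original page): a heuristic detector for
# "personal information" as 201 CMR 17.02 defines it: a name in combination
# with a Social Security number or a payment card / financial account number.
# The name heuristic, the card formats and the sample records are assumptions;
# driver's license formats vary by state and are left to a per-state pattern.

# "First Last" or "F. Last"; deliberately simple, so expect some false positives
NAME_RE = re.compile(r"\b(?:[A-Z][a-z]+|[A-Z]\.)\s+[A-Z][a-z]+\b")
# SSN as issued: area not 000/666/9xx, group not 00, serial not 0000
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13 to 16 digits, optionally separated by spaces or dashes; validated with Luhn below
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn check used by payment card numbers; weeds out most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify(text: str) -> dict:
    """Report the identifiers found and whether the regulation's definition is met."""
    has_name = NAME_RE.search(text) is not None
    ssns = SSN_RE.findall(text)
    cards = []
    for m in CARD_RE.findall(text):
        digits = re.sub(r"\D", "", m)
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            cards.append(digits)
    return {
        "has_name": has_name,
        "ssns": ssns,
        "cards": cards,
        # the definition requires the name *in combination with* an identifier
        "is_personal_information": has_name and bool(ssns or cards),
    }


# Constructed sample records for demonstration
SAMPLE_RECORDS = [
    "Customer: Jane Doe, SSN 123-45-6789",
    "Card on file for J. Smith: 4111 1111 1111 1111",
    "Order 4111111111111112 shipped to Acme Corp",   # fails Luhn: not a card number
    "SSN 123-45-6789 with no name attached",           # identifier without a name
]

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(classify(rec)["is_personal_information"], rec)
```

Only the first two sample records meet the definition: the third carries a digit run that fails the Luhn check, and the fourth carries an SSN with no name, and the regulation's definition is the combination of the two.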

How does the new law apply to you?

Depending upon your firm's existing security policies and procedures, 201 CMR 17 may affect the way that your company stores employee and client information as well as the way you exchange information with vendors and clients.

Here are some steps you can take:

Conduct a Quick Risk Assessment: identify where personal information is collected, stored and transmitted, and what could go wrong at each point. The regulation (17.03(2)(b)) requires identifying and assessing reasonably foreseeable internal and external risks to records containing personal information.

Data Encryption: 201 CMR 17.04 requires, to the extent technically feasible, encryption of all personal information stored on laptops or other portable devices, and encryption of personal information transmitted across public networks or wirelessly. Yes, this includes email: a message carrying personal information that crosses the Internet must be encrypted. The regulation does not require encrypting every record at rest on an internal server, although doing so is sound practice.

Access Controls: 201 CMR 17.04 requires restricting access to records containing personal information to those who need that information to perform their job duties, together with unique user IDs and secure authentication, blocking access after multiple unsuccessful login attempts, and limiting access to active users and active accounts only.

Audit Logs/Event Monitoring: 201 CMR 17.04 requires reasonable monitoring of systems for unauthorized use of, or access to, personal information. Centralized audit logs and monitoring tools make it possible to detect misuse and respond before it becomes a breach.
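As an added example that is not part of the original page, the following Python script shows the access-control and monitoring steps above working together over a constructed audit log: it flags reads of personal-information directories by users whose role does not need them, and alerts once when a user reaches a threshold of failed logins. The log format, the roles, the directory list and the threshold are all assumptions.

```python
import re
from collections import Counter

# Added example (not part of the original page): need-to-know checks and
# failed-login monitoring over constructed audit records. The log format, the
# roles, the protected directories and the threshold are all assumptions.

# Directories that hold personal information and the roles whose job duties need them
PI_DIRS = {
    "/data/hr/": {"hr"},
    "/data/finance/": {"finance", "hr"},
}
USER_ROLES = {"alice": "hr", "bob": "sales", "carol": "finance"}
FAILED_LOGIN_THRESHOLD = 3

# Constructed sample log: "<timestamp> key=value ..."
SAMPLE_LOG = [
    "2010-03-01T09:12:03 user=alice action=read path=/data/hr/payroll.csv result=ok",
    "2010-03-01T09:15:44 user=bob action=read path=/data/hr/payroll.csv result=ok",
    "2010-03-01T09:20:10 user=carol action=read path=/data/finance/ledger.xlsx result=ok",
    "2010-03-01T22:01:10 user=carol action=login result=fail",
    "2010-03-01T22:01:25 user=carol action=login result=fail",
    "2010-03-01T22:01:41 user=carol action=login result=fail",
    "2010-03-01T22:02:03 user=carol action=login result=fail",
    "2010-03-01T23:40:00 user=dave action=read path=/data/hr/reviews.docx result=ok",
]


def parse(line: str) -> dict:
    """Split a line into its timestamp and key=value fields."""
    ts, _, rest = line.partition(" ")
    event = dict(re.findall(r"(\w+)=(\S+)", rest))
    event["ts"] = ts
    return event


def need_to_know_violation(event: dict):
    """Return an alert when a user touches a PI directory their role does not need."""
    path = event.get("path", "")
    user = event.get("user")
    for prefix, roles in PI_DIRS.items():
        # an unknown user has no role, so it is never in the allowed set
        if path.startswith(prefix) and USER_ROLES.get(user) not in roles:
            return f"{event['ts']} {user} accessed {path} without need-to-know"
    return None


def monitor(lines) -> list:
    """Run both rules over the log and return the alerts in order."""
    alerts = []
    failures = Counter()
    for line in lines:
        ev = parse(line)
        if ev.get("action") == "login" and ev.get("result") == "fail":
            user = ev.get("user")
            failures[user] += 1
            # alert once, when the threshold is first reached
            if failures[user] == FAILED_LOGIN_THRESHOLD:
                alerts.append(f"{ev['ts']} {user}: {FAILED_LOGIN_THRESHOLD} failed logins")
            continue
        alert = need_to_know_violation(ev)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in monitor(SAMPLE_LOG):
        print(a)
```

On the sample log this produces three alerts: bob (sales) reading the HR payroll file, carol's third consecutive failed login, and the unknown user dave reading an HR file; alice and carol's legitimate reads produce nothing.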

Protecting Personal Information:

The FTC has prepared a tutorial that describes the steps your company can take to protect personal information. It walks you through the five phases (1 - Take Stock, 2 - Scale Down, 3 - Lock Down, 4 - Pitch It, and 5 - Plan Ahead) in an animated training video that is very effective.

To request a 201 CMR 17:00 consultation, call us at 1-978-356-8888 x227, or contact Mario@jmkssi.com for more information.
