Massachusetts Privacy Law – 201 CMR 17: Compliance Luncheon

If you live or own a business in the State of Massachusetts, you are probably well aware that a new law takes effect on March 1st. It requires all companies to show that they have implemented a technology plan that will safely and securely protect Personal Individual Information (PII) within electronic files or databases. PII includes: Last Name, Social Security Number, Driver’s License Number, Bank Account Number, and Credit or Debit Card Number. Key provisions of the law direct companies that store Massachusetts taxpayers’ PII to:

  • Limit the amount of personal information collected, how long it is kept, and restrict access on a need-to-know basis;
  • Identify records containing personal information, or treat all records as if they did;
  • Regularly monitor employee access to personal information;
  • Assess internal and external security risks and the effectiveness of current safeguards, upgrading as necessary;
  • Prevent terminated employees from gaining access to personal information;
  • Ensure service providers are capable of protecting personal information, contractually bind them to do so, and have them certify that they have a compliant written information security program.

Enforcement of 201 CMR 17 takes effect on March 1, 2010. If your business hasn’t yet taken steps to comply with the new Massachusetts PII law, there is still some time. NuTech, in conjunction with StoredIQ and other technology partners, is sponsoring a free luncheon on the Massachusetts Privacy Law on Thursday, January 28th in Boston.

Guest Speakers include:

  • Diane Lawton, General Counsel, Office of Consumer Affairs and Business Regulation
  • Gerry Young, CIO Secretariat, Office of Consumer Affairs and Business Regulation

For more information or to register for the event, visit the event page. Or, if you can’t attend the luncheon, download StoredIQ’s MA PII industry snapshot for information on how StoredIQ’s Information Governance solution can help your organization comply with Massachusetts’ new PII standards.
