|
In September 2008, Massachusetts enacted a sweeping new privacy law to protect the personal information of Massachusetts residents. If you do business with residents of Massachusetts or have employees that reside in Massachusetts, you must comply no later than March 1, 2010.
What are the key requirements?
The Massachusetts law is the first in the nation to require specific technology when protecting personal information. Both "data at rest" and "data in transit" over a public network, such as the Internet, that contain personal information must be encrypted.
Personal information is defined as a Massachusetts resident's name in combination with one of the following – with or without a security code, access code, PIN, or password that would permit access to a resident’s financial account:
- Social Security number
- Driver's license number or state-issued identification card number
- Financial account number or credit/debit card number
What organizations are impacted?
This new legislation affects all organizations
who own or license personal information of Massachusetts residents — regardless of the size or location of the business. And, organizations must require and oversee that third-party service providers with access to personal information also comply with the new law. Organizations affected include:
- Businesses that track customers by account numbers (such as healthcare institutions and related vendors)
- Retailers that accept credit cards for purchases by Massachusetts customers
- Financial institutions (such as banks, insurers, or brokerages) with customers residing in Massachusetts
- Companies with branch offices located in Massachusetts
What should you do next?
Read the press release from the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) which delays the effective date of the new law until March 1, 2010.
Download a complete copy of the Massachusetts Privacy Law and the 201 CMR 17.00 FAQ from the Massachusetts OCABR to assess the impact on your organization.
If you are a small business, review the small business checklist published by the Massachusetts Office of Consumer Affairs and Business Regulation (OCBAR) and the Small Business Guide for Formulating a Comprehensive Written Information Security Program.
Join a discussion group on LinkedIn between vendors and organizations
that need to comply with the new standard.
How can we help?
Coviant Software offers a suite of secure file transfer management products that encrypt your data before, during, and after transit. Download a Massachusetts Privacy Law Solution Brief or click below to start a free trial of Basic Edition, Standard Edition, or Enterprise Edition now. Or, contact us at 781.534.5166 for more information or to request a quote.
| Basic Edition |
Turn-key automation of
business-to-business secure file transfers. |
Starts at $295 |
Standard
Edition |
Customizable file transfer management with
rapid problem notification and resolution. |
Starts at $1,995 |
| Enterprise Edition |
Efficient control of business-critical
secure file transfer environments. |
|
|
