
A Lawyer, an HR Expert, and an IT Guy…

…walk into a seminar.

Okay. So our punch line is weak, but the message was strong. Last week the BCOC hosted another invaluable educational seminar at the Cummings Center. The seminar was to introduce the new Data Security laws that require compliance by Jan. 1st, 2010. Don’t put off compliance, though, because when the New Year rolls around businesses can be subject to a fine of up to $50,000 for every violation.

So you are sure the Attorney General will come down hard if you don’t comply, but what are these new Data Security laws in the first place?  The laws were enacted to protect Massachusetts residents from the loss of their personal information.

The first law requires MA business owners to notify the AG, the Office of Consumer Affairs and Business Regulation, and the resident(s) affected of any unauthorized acquisition or use of an MA resident’s personal information. That’s right. It’s no longer an internal affair. Don’t worry about letting the media know; they’ll be ready to dispense bad PR at a moment’s notice.

The second law requires that businesses develop, implement, maintain, and monitor a comprehensive, written information security program (WISP).

According to our HR expert, you should get started now by developing your business’ Data Security Policy and setting aside time to begin informing and training employees and managers on the laws. Everyone will need to be informed to implement compliance effectively. And if, God forbid, there is a breach, make sure you have an Incident Response Team ready to react.

The real meat of the matter will be your hardware and software.  Don’t forget your shredder might not be compliant and you’ll need up-to-date firewall protection, operating system patches, and system security software like McAfee.

According to Consumer Affairs, TJX is paying $9.75 million as a result of their security breach.  So if you need more information to get started, the BCOC will be happy to point you in the right direction so we can help you prevent a crisis.

The OCABR has compiled a checklist to assist you. Check it out:

OCABR Compliance Checklist

  1. 02/23/2010 at 6:41 am

    very useful info..

  2. workingreekgirl
    02/23/2010 at 12:37 pm

    Thanks! If you have your own biz in MA, you definitely need to follow-up as the new laws become active this year.
