Personal Information Security Compliance

As of March 1, 2010, a new law took effect in the Commonwealth of Massachusetts that requires ANY business storing or transmitting personal information of a Massachusetts resident to have a written security plan detailing how that information will be protected from theft or loss, and to implement a program that carries out that plan. The new regulation adopts a risk-based approach to information security that is designed to be flexible while directing businesses to establish a written security program that takes into account the particular business's size, scope of business, amount of resources and need for security.
 
     WHY did the state do so? One reason is that the statistics compiled since October 31, 2007 showed the following:  (a) almost 40% of all security breaches in the past 2 years in this state were due to "employee mistakes" NOT hackers; (b) almost 76% of all security breaches were due to the loss of electronic information NOT paper documents; and, (c) almost 56% of all security breaches were in the commercial sector.   
 
     The impact of these statistics was that over 1,000,000 Massachusetts residents had their personal information mishandled, resulting in identity theft or fraud against them, during the past 2 years.  That is the carrot to change the way you do business.  So what is the stick? Your company must be compliant.  What if it is not?  The penalties include injunctions against your business, restitution, costs of the investigation and litigation by the Attorney General [including attorneys' fees], $5,000 per violation, treble damages under G.L. c. 93A, possible loss of your insurance coverage, and damage to your reputation.
 
     Our firm has developed a security compliance plan that will help you institute a compliance program that works specifically for your company.  An assessment of your current practices NOW, to ensure your company's compliance, carries less risk and will be much more cost-effective than trying to implement a program AFTER a breach has occurred.
 
     Call our office today and ask about our Personal Information Security Program.

The information you obtain at this site is not, nor is it intended to be, legal advice. You should consult an attorney for individual advice regarding your own situation.