Follow Up on Massachusetts Data Privacy Law

Nick Fishman

Massachusetts attorney Michael S. Kraft was kind enough to correct me on the entry I posted last week about the state’s new data security regulations. According to Mr. Kraft, not only do organizations based in the state of Massachusetts need to draft a policy to protect personal information, but so does any business that has any employee or consumer customer located in Massachusetts.

I checked out his blog and also found other helpful advice for how employers can comply with these guidelines.

The new Massachusetts data security regulation goes into effect on Monday, March 1. If you have not yet begun to plan for the deadline, then likely either you are unaware of the requirements, or you are feeling overwhelmed by them. And who would blame you in light of the seemingly endless list of tasks:

  • Develop a written information security plan (WISP);
  • Identify all foreseeable risks in your organization by examining every nook and cranny where data enters, leaves or is stored;
  • Implement security policies and procedures and train your employees;
  • Secure all paper and electronic records; provide encryption;
  • Obtain written assurances from all vendors that they are compliant;
  • Regularly monitor and review to ensure compliance.

You know that it is vitally important, both because it’s legally required and because it’s the right thing to do to protect your customers.  But where to begin? Do you need professional assistance – a lawyer or specialized IT firm to accomplish this task?  That really depends on the size and nature of your business, the data that requires protection and how much time and energy you are willing to devote to the process.  Many businesses are probably capable of accomplishing a lot on their own. For the most part, the regulation is a straightforward recitation of the tasks needed to comply. But is that the best use of your time? Noted author and business consultant Andy Birol would caution business owners to judge very carefully those tasks that they choose to do by themselves and those that are properly delegated.

Nick Fishman

Nick Fishman is the co-founder of EmployeeScreenIQ, a leading, global employment background screening provider, and serves as the company’s executive vice president and chief marketing officer. He pioneered the creation of EmployeeScreen University, the #1 educational resource on employment background checks for human resources, security and risk management professionals. A recognized industry expert, Nick is a frequent author, presenter and contributor to the news media. Nick is also a licensed private investigator in the states of Ohio and Texas.