Please select a service to learn more:

Identity and Credit

Driver's Records

Criminal Records

References/Credentialing

Substance Abuse/Physicals

Global Solutions

Applicant Tracking

Solutions by Industry

Personal Background Checks

1

Please note that the Massachusetts Data Security Regulations take affect on March 1, 2010.  This impacts all employers in the state (whether they are based in the state or employ people there) that collect personal identifying information such as a person’s name and any or all of the following: Social Security Number, drivers license or state ID number, financial account or credit number.  Most employers gather at least a portion of this information during the on-boarding process and certainly need it if they conduct background checks.

In order to comply,  employers must have in place a written information security program (“WISP”) by 3/1/10.

View Press Release from MA Office of Consumer Affairs

Update:

According to Massachusetts attorney Michael S. Kraft, not only do organizations based in the state of Massachusetts need to draft a policy to protect personal information, but any business that has any employee or consumer customer located in Massachusetts.

I checked out his blog and also found other helpful advice for how employers can comply with these guidelines.

The new Massachusetts data security regulation goes into effect on Monday, March 1. If you have not yet begun to plan for the deadline, then likely either you are unaware of the requirements, or you are feeling overwhelmed by them. And who would blame you in light of the seemingly endless list of tasks:

  • Develop a written information security plan (WISP);
  • Identify all foreseeable risks in your organization by examining every nook and cranny where data enters, leaves or is stored;
  • Implement security policies and procedures and train your employees
  • Secure all paper and electronic records; provide encryption
  • Obtain written assurances from all vendors that they are compliant
  • Regularly monitor and review to insure compliance

You know that it is vitally important, both because it’s legally required and because it’s the right thing to do to protect your customers.  But where to begin? Do you need professional assistance – a lawyer or specialized IT firm to accomplish this task?  That really depends on the size and nature of your business, the data that requires protection and how much time and energy you are willing to devote to the process.  Many businesses are probably capable of accomplishing a lot on their own. For the most part, the regulation is a straightforward recitation of the tasks needed to comply. But is that the best use of your time? Noted author and business consultant Andy Birolwould caution business owners to judge very carefully those tasks that they choose to do by themselves and those that are properly delegated.

More

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...

One Response to “Massachusetts Data Security Law: Employers Take Note”

  1. Mike says:

    This is something everyone should implement.

Leave a Reply

All information contained on this website is provided by EmployeeScreenIQ solely for the convenience of the site viewers. EmployeeScreenIQ is not providing legal advice or counsel and nothing provided on this website or otherwise by EmployeeScreenIQ should be deemed as legal guidance or advice. Users are solely responsible for complying with all local, state, and federal laws relating to the use of any information provided on this website and any information products provided by EmployeeScreenIQ. Users should consult with their own legal counsel if they have questions regarding their legal responsibilities or any information provided by EmployeeScreenIQ.