Powered by Bitpipe SAP Research Library

Massachusetts Data Protection Law: 201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth
sponsored by Lumension

In the first ten months after a new Massachusetts identity theft law took effect in late 2007, the Office of Consumer Affairs and Business Regulation reported that over 625,000 residents of the Commonwealth had been directly affected by a data breach of their personally identifiable information (PII). Of these, about 60% were the result of criminal or unauthorized acts, and the remainder were due to employee error or "sloppy internal handling" of PII. To help mitigate the negative impacts of this ID theft problem, Massachusetts passed a new law that requires any organization that "owns, licenses, stores, or maintains personal information about a resident of the Commonwealth" to follow a comprehensive set of information security requirements.

This new set of regulations (201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth), initially released in September 2008 and then updated in early 2009, defines personal information as first name (or initial) and last name in combination with one or more of the following: SSN; driver’s license or state-issued ID card number; financial account number, credit or debit card number, with or without any required security code, access code, PIN or password. [There is an exception for publicly available information.] It takes state data protection laws into some unprecedented areas, such as mandating the use of encryption to protect PII (whether in transit or at rest) and the use of regularly patched and up-to-date OS, anti-virus / anti-malware, and firewall software.

According to section 17.01(2), the provisions of this regulation apply "to all persons who own, license, store or maintain personal information about a resident of the Commonwealth." This means that all businesses, whether in-state or out-of-state, that store personal information about a Massachusetts resident will need to implement a comprehensive information security program.

Read this whitepaper to learn more about the new regulations in Massachusetts and what they mean to your organization.

(THIS RESOURCE IS NO LONGER AVAILABLE.)
 
Available Resources from Lumension
Reduce the Cost to Achieving HIPAA Security Compliance with Lumension® Solutions
sponsored by Lumension
White Paper | Posted: 19 Oct 2009 | Published: 19 Oct 2009
Summary: Healthcare organizations face a host of HIPAA Security Rule compliance challenges with the move to put patient medical records online. Lumension helps organizations address these compliance challenges by providing the proactive IT risk management and the required audit readiness to meet many aspects of the HIPAA Security Rule.

