Is Your Small Business in Compliance With Massachusetts Regulation MA 201 CMR 17?

Do You Have a Personal Information Security Plan in Place to Protect Your Customers and Your Business?

It Became Law Effective March 1, 2010

On September 19, 2008, the Commonwealth of Massachusetts passed regulation 201 CMR 17 in support of M.G.L. c. 93H, which had been enacted a year earlier to establish a framework for safeguarding the personal information of residents of the Commonwealth of Massachusetts. Although much of the new regulation is based on federal guidelines and Information Services ("IS") best practices, there are some key differences for businesses handling the personal data of Massachusetts residents that will change the way businesses store and transfer personal information. This regulation was amended again in August 2009.

The Massachusetts Office of Consumer Affairs and Business Regulations 201 CMR 17 applies to businesses in all industries, not just companies based in Massachusetts, if they handle the personal information of Massachusetts residents.

The objectives of this regulation are to ensure the security and confidentiality of customer information in a manner fully consistent with industry standards; to protect against anticipated threats or hazards to the security or integrity of such information; and to protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer.

It is a tremendous tool and set of templates for any business that gathers and maintains the personal information of prospects and customers.

How Do I Create and Implement a 201.CMR.17 Compliant Security Plan?

Depending on the size of your organization and how it collects, uses and stores personal information, your company must be prepared to comply with a variety of new procedures that may affect how you do business. A key component of 201 CMR 17 is that every business must develop a Written Information Security Plan (WISP) that establishes its policies and procedures for complying with 201 CMR 17.

We have developed a comprehensive package of guidelines, templates and critical information that will enable your business to comply with these new regulations. The MA 201.CMR.17 Small Business Compliance Toolkit is only $97.00 and will guide any small business through the process of evaluating its personal information security policies and establishing effective procedures, guidelines and documentation to comply with the new law, potentially saving you thousands of dollars in development costs.

What is the Definition of Personal Information?

According to the new law, Personal Information is a Massachusetts resident's first and last name or first initial and last name in combination with any one or more of the following:

  • Social Security number
  • Driver's license number or state-issued identification card number
  • Financial account number, or credit or debit card number

How Does This New Law Apply To Me?

Depending upon your firm's existing security policies and procedures, 201 CMR 17 may affect the way your company stores employee and client information as well as the way you exchange information with vendors and clients. There is no minimum business size: every business that handles this information is required to comply with these new laws.

Is My Business Ready for 201 CMR 17?

How Do You Handle Network Access and Passwords? - Do you have control over the passwords used to access sensitive client data that resides on your computer network? Do you restrict access to this sensitive information on a "need to know" basis? Or are you wide open? Are you sure your firewall, antivirus and anti-malware software are functioning properly and updated regularly?

Does Your Company Have an Implemented WISP? - A WISP (Written Information Security Plan) is a vital and required component of compliance with 201 CMR 17. This comprehensive plan establishes the policies and procedures necessary to ensure the protection of your customers' or clients' Personal Information.

What Happens When Someone is Terminated? - Is there a procedure in place that properly restricts a terminated employee from gaining access to your client files?

What is Your Disposal Procedure for Personal Information? - Do you properly dispose of sensitive data and personal information when it is no longer appropriate to store this information?

Do You Encrypt Email That Includes Personal Information? - Do you encrypt email that contains sensitive information (i.e., a first name or initial with last name combined with a Social Security number, driver's license number, state-issued ID card number, credit card, debit card or financial account number)?

ONLY $97.00 For Complete Toolkit


201 CMR 17 Compliance Toolkit Is Your Solution!

Comprehensive WISP Business Compliance Template - SBCS has developed a customizable template to guide you and your team in the development of your required Written Information Security Plan that is fully compliant with 201 CMR 17. This template covers all of the required information that you need to implement as part of your company's compliance with 201 CMR 17.

Employee WISP Documentation - Every employee must review and sign a copy of your company WISP as part of 201 CMR 17. SBCS has developed a customizable employee WISP (Written Information Security Plan) document that can be used for training, and as verification and support that your employees have reviewed and agreed to comply with your new policies and procedures regarding the handling and security of personal information.

Data Security Coordinator Guide and Checklist - This vital information will assist you in designating and supporting your Data Security Coordinator as required in 201 CMR 17. Your DSC will also have access to additional information and tools to help train employees and implement your plan.

Secure Server and Network Compliance - The 201 CMR 17 Compliance Toolkit includes guidelines and suggestions to help you and your IT professional comply with these new regulations and maintain a secure data environment for personal information. SBCS has done the work so your IT professional will not have to spend extra time and your money developing a plan.

Additional Features of Your Compliance Toolkit!

Effective Password and Encryption Guidelines - Your Compliance Toolkit includes guidelines and information to review, implement and train your team on a compliant plan for the creation, handling and security of passwords, as well as the proper use of encryption protocols when handling personal information.

Handling and Storage of Personal Information - Your Compliance Toolkit and WISP template will establish effective and compliant guidelines for the handling and storage of personal information by both your employees and any third-party companies that may be required to have access to information under your control.

Training and Support - As part of the Compliance Toolkit you will be updated with the latest compliance changes, as well as products, tools and information to help you cost-effectively manage and control the collection, access and storage of personal information.

Employee Documentation and Training - Your Compliance Toolkit gives you the tools and information to effectively develop an employee awareness and training strategy as well as the proper documentation required to be in compliance with 201 CMR 17 regarding your employees.

Improper Handling of Personal Information Could Cost You Your Business!

Protect Your Customers Against Identity Theft - The proper collection, handling and storage of personal information will help ensure that your customers' information remains safe and secure. The theft of personal information due to a lack of proper safeguards and procedures has cost companies millions in lost business, fines, reputation and the trust of their customers.

Improper Disposal Can Be Costly - Any organization that violates Chapter 93I (improper disposal of sensitive information) faces a civil fine of up to $100 per affected person, with a total possible fine of $50,000 for each instance of improper disposal.

Businesses Are Responsible for Protecting Personal Information - Failure to comply with Chapter 93H or 93I may subject the offender to a suit by the Attorney General under Chapter 93A, the consumer protection law. Violations may mean triple damages, as well as attorneys' fees and legal costs.

201 CMR 17 Small Business Compliance Toolkit

The safe and secure collection, handling, distribution and storage of personal information is not only "the law", but "good business".

The Business Compliance Toolkit is a cost-effective solution to guide your company in developing and implementing an effective plan for the safe and secure handling of personal information.

Order Your 201 CMR 17 Business Compliance Toolkit Now for ONLY $97.00