Every organization that collects, owns or licenses personal information about a resident of Massachusetts will have to be in full compliance with 201 CMR 17.00 on or before March 1, 2010.
The term “personal information” is defined so broadly that nearly every Massachusetts business must comply with the regulations.
Specifically, personal information is defined as an individual’s name, accompanied by one or more of the following:
- Social Security number,
- driver’s license,
- state ID number, or
- financial account number (bank accounts, credit cards).
It is hard to imagine any Massachusetts businesses that do not handle or maintain personal information!
The central requirement is the development of a written comprehensive information security program that describes how the business safeguards personal information. The program needs to address such things as the business's security policies relating to the storage, access and transportation of records containing personal information, and computer system security measures such as password protection and encryption of portable devices.
To its credit, the state has amended the regulations to add flexibility for compliance by small businesses. Nevertheless, the regulations represent a burden (both financial and operational) for most businesses.
Fortunately, there is a cost effective solution!
The 201 CMR 17.00 & ISO 27001 Toolkit
The Toolkit will save you months of work, help you avoid costly trial-and-error dead-ends, and ensure everything is covered to the current 201 CMR 17.00 / ISO 27001 standards.
ISO 27001 directly covers 95% of the 201 CMR 17.00 requirements without modification; with a few specific requirements added to support the prescriptive requirement to encrypt personal information, ISO/IEC 27001:2005 provides a truly comprehensive information security program that will stand up to the next round of state and/or federal regulations.
Find out what’s included in this toolkit and begin your journey to compliance today!
If you have already invested in ISO 27001 compliance or certification, avoid regulatory noncompliance with the 201 CMR 17.00 upgrade toolkit.