Regulation 201 CMR 17 is changing how we all will handle personal information, deal with identity theft and do business in the future. Since November 2007, there have been over 450 reported cases of stolen or lost personal information that have affected nearly 700,000 Massachusetts residents. This has prompted Massachusetts to put into law, effective January 1, 2010, a comprehensive regulation regarding the collection, use, disbursement, storing and destruction of personal information. All businesses that collect personal information from residents of Massachusetts as defined in the regulation must comply, but it is important for any business, no matter where you reside, to take notice and begin to plan how to protect your customers from identity theft and your business from disaster and ruin.
Securing Your Customers' Personal Information
This new regulation, 201 CMR 17, is the first of its kind in the country, but it is a bellwether for how businesses across the nation will need to handle personal information sooner rather than later. The regulation mandates that any personal information collected by a company doing business with Massachusetts residents (personal information is defined as a combination of a name along with a Social Security number, bank account number, or credit card number) be collected, handled, shared and stored using specific written guidelines in order to protect that information against theft or misuse.
It does not matter if you are a brick-and-mortar retail business, a web-based business, a wholesale business, an attorney, a plumbing business, a mortgage broker or a landscaping company. If you collect any of the personal information as defined above, you need to comply.
The new regulation requires that every company develop a WISP (Written Information Security Plan) that addresses the secure handling of personal information, including but not limited to the following:
- Collection of personal information
- Network server security and access
- Password security for office and laptop computers
- Email and encryption protocols
- Transporting of personal information
- Sharing of personal information
- Use, handling and storage of personal information
- Training of employees
Develop A Plan Now To Protect Your Customer and Business
The bottom line is that businesses should take action now to establish policies and procedures for the handling of personal information and not wait until forced by new state or federal laws. New state regulations are in the works across the country dealing with identity theft and personal information, but why put your business and your reputation at risk by waiting until the last minute?
Develop a plan now and begin to take action to protect your customer and your business. For more information on Massachusetts regulation 201 CMR 17 go to http://www.201cmr17solutions.com/. To read the new regulation go to http://www.mass.gov/Eoca/docs/idtheft/201CMR17amended.pdf.
