Do You Comply with MA 201.CMR.17? The WISP Deadline Has Passed!

by Compliance Solutions on March 9, 2010

Do you do business in the Commonwealth of Massachusetts and handle, process or store personal information of its residents?  If you do, then you need to understand and comply with Regulation 201.CMR 17.

Have you created a WISP to handle the security and safety of all Massachusetts resident personal information?  If you have not, you need to!

So what does that mean and what does a business need to do to comply? The "Standards for the Protection of Personal Information of Residents of the Commonwealth" was enacted to make businesses responsible for the security and protection of any and all personal information that they handle regarding a resident of Massachusetts.

Does This Affect My Business?

If your business handles, files or stores any personal information such as:

  • Employee or Customer Social Security Numbers
  • Credit Card Numbers
  • Bank Account or other Financial Account Information

Or you perform any of the following activities:

  • Process credit card or bank account numbers of Massachusetts residents
  • Process mortgage or loan applications for Massachusetts residents
  • Maintain payroll or health care information for employees or clients residing in Massachusetts

You need to comply with the regulation, which went into effect on March 1, 2010.

How Do I Create and Implement a 201.CMR.17 Compliant Security Plan?

Depending on the size of your organization and how it collects, uses and stores personal information, your company must be prepared to comply with a variety of new procedures that may impact how you do business.

The key component of 201 CMR 17 that every business must develop is a Written Information Security Plan (WISP) that establishes its policies and procedures for complying with 201 CMR 17. The Commonwealth of Massachusetts expects every business that handles the personal information of its citizens to review its security policies and the current state of its network security, and to make the changes necessary to comply with the procedural and technical portions of the regulation.

To learn more about 201.CMR.17 and developing a WISP for your business, visit Small Business Compliance Solutions at www.BizComplianceSolutions.com. You can also visit the Commonwealth of Massachusetts Office of Consumer Affairs and Business Regulations at www.mass.gov/consumer.
