An onslaught of security breaches has prompted several states, including Massachusetts, to strengthen their data security regulations for businesses.
Companies in Massachusetts that have personal information on even one state resident must now furnish proof to the state government that they are in compliance with data security standards, under the amended law that went into effect today, an article on Fosters.com states.
“By March 1, no matter where they're based, all companies who hold sensitive personal information on one or more Massachusetts citizens must have a written Information Security Program (ISP),” author Warren Mackensen writes. “These companies must also implement other safeguards that require thorough IT environment reviews.”
Companies that do not furnish the information to the state or which do not meet compliance “may face severe consequences including lawsuits, costly fines, and loss of clients.”
“The Massachusetts data privacy law, the strictest of any state, will likely become the standard for the nation, significantly impacting the way client personal information is handled in the future,” Mackensen writes. “It's critical that professionals who work with client personal information, including IT consultants, CPAs, attorneys, mortgage companies, financial advisors and others, develop an Information Security Plan that outlines specific, proactive steps to follow that will ensure they're in compliance.”
Some business software developers are already updating their solutions to help their clients meet compliance with the amended regulation. For example, Application Security Inc., a provider of database security, risk and compliance solutions for the enterprise, today announced a critical update for its AppDetectivePro for auditors and IT advisors and DbProtect for the enterprise in response to the Massachusetts Data Privacy Law 201 CMR 17.