We have just one week to go before all entities that own, store, license — or basically do anything with — personal information of Massachusetts residents must comply with the Commonwealth’s new data security regulations. Things to consider:
- Have you done your risk assessment? Have you looked at what you collect, how you collect it, and how it is transmitted through and outside your organization?
- Have you reached out to service providers that may have access to the personal information (“PI”) of your employees or customers?
- Is your written information security plan in place, or have you at least started pulling together the various policies and processes (“P&P”) that would make up a “written information security plan”? Is the plan tailored to your actual P&P and thus an accurate representation of what your business really does (and not a template with [insert company name here])?
- Have you thought about employee security awareness training?