If you haven’t yet caught up with the new HIPAA Omnibus Rule and its consequences for those businesses who are not themselves healthcare providers, but are service providers to healthcare entities (and even further downstream than that….), you can take a listen to our recent webinar highlighting the most important changes and issues. A recent… Continue Reading
Tag Archives: 201 CMR 17.00
Data Privacy Day 2013 – Tip #2 – Dust off your information security policy (or start putting one in place…)
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Privacy Regulation, Security
Written by Amy Malone
Do you have a comprehensive information security program? Many businesses are still operating without one, leaving them open to preventable data breaches. The importance of info security programs was yet again underscored by the recent settlement between Cbr Systems and the Federal Trade Commission regarding a breach that affected 300,000 consumers…. Continue Reading
Data Privacy and Security Issues for the Nonprofit
Posted in Data Compliance & Security, Privacy Regulation, Security
Can your organization answer “yes” to any of the following questions? Does your organization have personal information (credit card numbers, checks, other financial information) from donors? Does your organization have employees or volunteers for whom you have Social Security numbers? Has your organization signed a merchant agreement to be able to accept credit cards? Do… Continue Reading
Massachusetts Attorney General Data Breach Investigation Results in $15,000 Settlement with Property Management Firm
Posted in 201 CMR 17.00, Data Breach, Data Breach Notification, Data Compliance & Security, Privacy Regulation
Written by Cynthia J. Larose and Adam Veness
Last October, a Maloney Properties, Inc. (“MPI”) company laptop was stolen containing unencrypted personal information, including social security numbers, for over 600 Massachusetts residents. Shortly after the incident, MPI sent letters to customers alerting them of the incident and related data breach. As a result of that… Continue Reading
Massachusetts Businesses Face Two New Challenges on Data Security
Posted in 201 CMR 17.00, Class Action Litigation, Data Compliance & Security
A cross-post from our friends at the Associated Industries of Massachusetts – and important reading, given that March 1st is Thursday. Employers Face Two New Challenges on Data Security
New Year’s Resolutions – Privacy & Security
Posted in 201 CMR 17.00, Data Breach, Data Compliance & Security, HIPAA/HITECH, Identity Theft, Privacy Regulation, Secure Traveling, Security
Since it’s traditionally the time for new beginnings and resolutions to clear away old habits, we’d like to pass on some tips for improving privacy and security in your operations — and in your own life — in 2012. 1. Be sure to secure. Many data breaches occur by leaving sensitive information lying around the… Continue Reading
Privacy “Webinar Wednesday” Series
Posted in Data Compliance & Security
Last week, we introduced the “Privacy Webinar Wednesday” educational series with Data Privacy and Security Issues for the Not-for-Profit: 201 CMR 17.00, PCI, and Other Acronyms You Should Know. It was incredibly well-received – over 150 registrants. We’ll be presenting various privacy and security issues on the first Wednesday of the month. In case you… Continue Reading
REMINDER: Webinar Wednesday – Data Privacy and Security Issues for Non-Profit
Posted in Data Compliance & Security
Don’t forget to register for our first in the Webinar Wednesday Privacy series – Data Privacy and Security Issues for Non-Profits. We have over 100 participants registered! Join us and learn about compliance obligations of non-profit institutions and organizations and what to do to prepare for the inevitable data breach. The second part of the session will feature… Continue Reading
Data Privacy and Security for the Not-for-Profits
Posted in Uncategorized
We’re conducting a webinar on May 4th on data privacy and security issues as they affect not-for-profit institutions. Registration is here.
Into the Breach – Security Failures Can Cost You
Posted in 201 CMR 17.00, Data Breach, Data Compliance & Security
Once again, we have evidence that failures to implement the most basic of data security measures can cost real money. The Massachusetts Attorney General’s office announced a consent order that fines a Boston restaurant group $110,000 and imposes a set of compliance measures that will also carry a price tag. Despite many headlines trumpeting the “first enforcement action,” this action… Continue Reading
Data Breach at NYC “Hop-on, Hop-off” Tour Company — 110,000 credit card numbers stolen
Posted in 201 CMR 17.00, Data Breach, Data Breach Notification, Data Compliance & Security
Since March 1, 2010, privacy professionals have been waiting for a data breach that could bring an enforcement action under 201 CMR 17.00, the Massachusetts privacy regulations. I just spoke with Paul Roberts, editor of threatpost.com, a blog that posted an entry yesterday regarding a breach that could do just that. Twin America LLC, the parent company of… Continue Reading
Quick Compliance Survey
Posted in Data Breach
No, we’re not “taking names” here. This is just a 10-question survey to gauge some basic compliance metrics. Please participate! Click here to take survey
Massachusetts Data Security Compliance Workshop
Posted in Data Compliance & Security
In case your data security compliance plan is stuck in neutral, you have questions, or you haven’t started yet…there will be a free (!) breakfast hands-on workshop on Thursday in Tewksbury, MA. “Massachusetts Data Protection Law: Demystifying the Details” is being sponsored by the Merrimack Valley Venture Forum. The Merrimack Valley Venture Forum has assembled… Continue Reading
Today is the day……
Posted in Data Compliance & Security
After implementation delays and rule changes, new data protection regulations that are widely considered the most stringent in the nation take effect today. The Massachusetts data security regulations require institutions that hold personal data on Massachusetts citizens to encrypt that information and implement written data protection policies, reports the Boston Globe. Discussion continues and questions… Continue Reading
Top 3 questions relating to compliance with 201 CMR 17.00
Posted in Data Compliance & Security
At the beginning of the “countdown” to the March 1st effective date of 201 CMR 17.00, we offered some posts with “misapprehensions” and compliance suggestions (see 16 Days to March 1….. and Countdown to compliance with 201 CMR 17.00…..11 days). Here are some questions that have been reoccurring over the last few weeks: 1) What… Continue Reading
And, it’s Friday, February 26th……
Posted in Data Compliance & Security
And that means today is the last business day before the new Massachusetts data security regulations go live – as Jim Cramer would say, “That’s 201 CMR 17.00 for all you home gamers.”
T Minus 10,080 Minutes and Counting…..
Posted in Employee Privacy
We have just one week to go before all entities that own, store, license — or basically do anything with — personal information of Massachusetts residents must comply with the Commonwealth’s new data security regulations. Things to consider: Have you done your risk assessment? Looked at what you collect and how you collect and how… Continue Reading
Countdown to compliance with 201 CMR 17.00…..11 days
Posted in Data Compliance & Security
As we approach the 10 day mark to the March 1 effective date of the Massachusetts data security regulations, 201 CMR 17.00, we thought that we would share another misapprehension in the ever-growing list. “I ordered one of those $99 “Compliance Kits” from the Internet, and they say that they will “certify” that I am… Continue Reading
16 Days to March 1…..
Posted in Data Compliance & Security
Just in case you missed it, March 1 is the deadline for compliance with 201 CMR 17.00, the new Massachusetts data security regulations, and we published a client alert last week as a “reminder”… Privacy and Security Alert. In addition to the top five “misapprehensions” about the applicability of the new regulations that we included… Continue Reading
27 days and counting…
Posted in Data Compliance & Security
March 1st is the deadline for compliance with the Massachusetts data security regulations, 201 CMR 17.00. We have blogged incessantly for months about the need to get compliance programs into gear and develop information security plans as required by the regulations. The time is here. If you are one of the procrastinators (and, you are… Continue Reading
Happy Data Privacy Day! Tip #1
Posted in Data Compliance & Security
Today is worldwide Data Privacy Day. What is your company doing to promote data privacy and security in your enterprise? I’ll be participating in a KnowledgeNet in Boston, sponsored by the International Association of Privacy Professionals. The discussion topic is Privacy Awareness and Training. And don’t forget, the March 1 deadline for compliance with the… Continue Reading
Data Security Roundtable
Posted in Data Compliance & Security
Here is a link to a couple of segments of a data security roundtable I participated in not long ago: http://www.businesswire.com/portal/site/home/permalink/?ndmViewId=news_view&newsId=20091222005345&newsLang=en Some very interesting discussions with folks who are on the cutting edge of data security. I’ll post the other segments as they are released.
Massachusetts Attorney General proposes privacy regulations to apply to her office
Posted in Data Compliance & Security, Legislation
Written by Cynthia and Elissa
An oft-cited criticism of the Massachusetts data security regulations (201 CMR 17.00), effective March 1, 2010, is that the regulations specifically do not apply to government entities — the only reason being that the Office of Consumer Affairs and Business Regulation does not have the authority or jurisdiction to enact… Continue Reading
Check your employee handbook – what you might think is fraud and abuse may not be a federal case….
Posted in Data Compliance & Security
My colleagues over at the Employment Matters blog report on an interesting decision drawing attention to the need for clear and explicit policies regarding “acceptable use” of computers and company information and the absolute necessity to terminate access once an employee or contractor is terminated. Particularly in light of the upcoming Massachusetts data security regulations,… Continue Reading