Written by Cynthia J. Larose and Adam Veness
Last October, a Maloney Properties, Inc. (“MPI”) company laptop was stolen containing unencrypted personal information, including social security numbers, for over 600 Massachusetts residents. Shortly after the incident, MPI sent letters to customers alerting them of the incident and related data breach. As a result of that…
Tag Archives: Massachusetts Data Security Regulations
Massachusetts Businesses Face Two New Challenges on Data Security
Posted in 201 CMR 17.00, Class Action Litigation, Data Compliance & Security
A cross-post from our friends at the Associated Industries of Massachusetts – and important reading, given that March 1st is Thursday. Employers Face Two New Challenges on Data Security
Into the Breach – Security Failures Can Cost You
Posted in 201 CMR 17.00, Data Breach, Data Compliance & Security
Once again, we have evidence that failures to implement the most basic of data security measures can cost real money. The Massachusetts Attorney General’s office announced a consent order that fines a Boston restaurant group $110,000 and imposes a set of compliance measures that will also carry a price tag. Despite many headlines trumpeting the “first enforcement action,” this action…
Federal Trade Commission receives large number of public comments
Posted in Uncategorized
Attorneys General of 14 states ask FTC not to reduce state privacy powers in any privacy framework or regulations. California did not participate.
Data Breach at NYC “Hop-on, Hop-off” Tour Company — 110,000 credit card numbers stolen
Posted in 201 CMR 17.00, Data Breach, Data Breach Notification, Data Compliance & Security
Since March 1, 2010, privacy professionals have been waiting for a data breach that could bring an enforcement action under 201 CMR 17.00, the Massachusetts privacy regulations. I just spoke with Paul Roberts, editor of threatpost.com, a blog that posted an entry yesterday regarding a breach that could do just that. Twin America LLC, the parent company of…
July 13 Data Security Workshop – FREE
Posted in Data Breach
On July 13, Mintz Levin will be joined by Sophos, Six Weight Consulting, and MFA Cornerstone Consulting to hold a free compliance workshop focused on both the gaps and overlap of Massachusetts’ data protection regulation 201 CMR 17.00 and the recent updates to federal health and medical data privacy found in the HITECH Act. We’ll…
Massachusetts Data Security Compliance Workshop
Posted in Data Compliance & Security
In case your data security compliance plan is stuck in neutral, you have questions, or you haven’t started yet…there will be a free (!) breakfast hands-on workshop on Thursday in Tewksbury, MA. “Massachusetts Data Protection Law: Demystifying the Details” is being sponsored by the Merrimack Valley Venture Forum. The Merrimack Valley Venture Forum has assembled…
Today is the day……
Posted in Data Compliance & Security
After implementation delays and rule changes, new data protection regulations that are widely considered the most stringent in the nation take effect today. The Massachusetts data security regulations require institutions that hold personal data on Massachusetts citizens to encrypt that information and implement written data protection policies, reports the Boston Globe. Discussion continues and questions…
Top 3 questions relating to compliance with 201 CMR 17.00
Posted in Data Compliance & Security
At the beginning of the “countdown” to the March 1st effective date of 201 CMR 17.00, we offered some posts with “misapprehensions” and compliance suggestions (see 16 Days to March 1….. and Countdown to compliance with 201 CMR 17.00…..11 days). Here are some questions that have been reoccurring over the last few weeks: 1) What…
And, it’s Friday, February 26th……
Posted in Data Compliance & Security
And that means today is the last business day before the new Massachusetts data security regulations go live – as Jim Cramer would say, “That’s 201 CMR 17.00 for all you home gamers.”
T Minus 10,080 Minutes and Counting…..
Posted in Employee Privacy
We have just one week to go before all entities that own, store, license — or basically do anything with — personal information of Massachusetts residents must comply with the Commonwealth’s new data security regulations. Things to consider: Have you done your risk assessment? Looked at what you collect and how you collect and how…
Countdown to compliance with 201 CMR 17.00…..11 days
Posted in Data Compliance & Security
As we approach the 10 day mark to the March 1 effective date of the Massachusetts data security regulations, 201 CMR 17.00, we thought that we would share another misapprehension in the ever-growing list. “I ordered one of those $99 “Compliance Kits” from the Internet, and they say that they will “certify” that I am…
16 Days to March 1…..
Posted in Data Compliance & Security
Just in case you missed it, March 1 is the deadline for compliance with 201 CMR 17.00, the new Massachusetts data security regulations, and we published a client alert last week as a “reminder”… Privacy and Security Alert. In addition to the top five “misapprehensions” about the applicability of the new regulations that we included…
27 days and counting…
Posted in Data Compliance & Security
March 1st is the deadline for compliance with the Massachusetts data security regulations, 201 CMR 17.00. We have blogged incessantly for months about the need to get compliance programs into gear and develop information security plans as required by the regulations. The time is here. If you are one of the procrastinators (and, you are…
Data Privacy Day – Tip #4 – Transactional Best Practices for Lawyers
Posted in Employee Privacy
Written by Michael Arnold and Jennifer Rubin
Even though lawyers working on both sides of an M&A transaction during the due diligence phase might immerse themselves in a “confidentiality bubble”, they still must be careful not to disclose or access confidential employee information in the course of that transaction. Attorneys evaluating potential transactions might be…
Happy Data Privacy Day! Tip #1
Posted in Data Compliance & Security
Today is worldwide Data Privacy Day. What is your company doing to promote data privacy and security in your enterprise? I’ll be participating in a KnowledgeNet in Boston, sponsored by the International Association of Privacy Professionals. The discussion topic is Privacy Awareness and Training. And don’t forget, the March 1 deadline for compliance with the…
Massachusetts Attorney General proposes privacy regulations to apply to her office
Posted in Data Compliance & Security, Legislation
Written by Cynthia and Elissa
An oft-cited criticism of the Massachusetts data security regulations (201 CMR 17.00), effective March 1, 2010, is that the regulations specifically do not apply to government entities — the only reason being that the Office of Consumer Affairs and Business Regulation does not have the authority or jurisdiction to enact…
From Privacy Academy – The Seven Step Program
Posted in Data Compliance & Security
Sounds like common sense, but it is food for thought — and will be required under new Massachusetts data security regulations:
The seven easy ways to protect PC based information from theft
The proliferation of Personal Storage Devices (thumb drives, iPods, USB external hard disks, etc.) and simple remote access has created unprecedented levels of…
Changes to the Massachusetts Data Security Regulations: What do they really mean?
Posted in Legislation
Now that the dust has settled after this week’s “Breaking News” regarding the proposed changes to the Massachusetts data security regulations, here is an analysis of what the changes actually mean to the business community. Some other interesting commentary is linked below: Evan Schuman – Storefront Backtalk
BREAKING NEWS – Changes to 201 CMR 17.00
Posted in Legislation
Just released – proposed amendments to the Massachusetts data security regulations — and a three-month extension of time to comply. Stay tuned for a full analysis.
To Encrypt or Not To Encrypt…….An Incentive Rather than a Mandate From Michigan
Posted in Data Breach
Add Michigan to the list of states that are proposing that adoption of comprehensive data security safeguards will provide a safe harbor for data breaches. The Information Security Program Standards Act introduced last week differs a bit from Massachusetts and Nevada (and other pending legislation) in that it would not require the implementation of detailed…
Massachusetts Data Security Standards vs. New HIPAA Guidelines
Posted in Data Compliance & Security
Here’s a link to an article (by the author of this blog…) comparing the Massachusetts data security standards (effective January 1, 2010) to the Department of Health & Human Services Guidelines promulgated under the new HITECH Act (effective in mid-September). Compliance challenges are coming on all fronts — and it’s best not to duplicate…
Seminar today on compliance with Massachusetts Data Security Regulations
Posted in Data Compliance & Security
Twitter feed from the event — http://twitter.com/ITcompliance