This link has been bookmarked by 26 people . It was first bookmarked on 09 Sep 2006, by William Woodward.
-
05 Mar 15
-
19 Aug 14
-
20 Sep 12
-
21 Nov 11
-
11 Mar 10
-
Do You Comply with the New Massachusetts Information Security Regulation?
Posted on March 11, 2010 by K&L GatesBy Bruce H. Nielson, K&L Gates Partner, Washington D.C.
What Does the Regulation Require?
Every business that “owns or licenses personal information” about a Massachusetts resident must “develop, implement, and maintain” a comprehensive written information security program (WISP). “Owns or licenses” is defined as “receives, stores, maintains, processes, or otherwise has access to personal information in connection with the provision of goods or services or in connection with employment.” “Personal information” (PI) means first name (or initial) and last name combined with a Social Security number, driver’s license or state-issued ID card number, or financial account or credit or debit card number (with or without any required password, security or access code, or personal identification number).
The WISP must contain administrative, technical and physical safeguards for PI that are “appropriate to (a) the size, scope and type of business . . .; (b) the amount of resources available . . .; (c) the amount of stored data; and (d) the need for security and confidentiality” of the PI.
-
-
08 Sep 09
-
17 Mar 09
-
24 Sep 08
-
01 Dec 06
-
15 Jun 06
-
16 Mar 06
Would you like to comment?
Join Diigo for a free account, or sign in if you are already a member.