Massachusetts Privacy Law


By Boston Document Shredder

Massachusetts Privacy Laws 201-CMR-17

Published by Document Shredding, November 25th, 2008

Massachusetts privacy law calls for tighter information security.

[NOTE: New information is available at this link about the Massachusetts Privacy Law, which has evolved since this original

The Commonwealth of Massachusetts enacted a law in September protecting state citizens’ personal information. Originally scheduled for January 1, 2009, the law will now take effect for all Massachusetts businesses and third-party providers beginning May 1, 2009, with other requirements coming into effect January 1, 2010. The law intends to protect employees’ personal information from unauthorized access and possible exploitation.

Personal information to be protected includes a person’s name and address, combined with a complete social security number, driver’s license or another state-issued number, and complete credit card or bank account numbers.

Companies that do keep this information will need to take some prescribed steps toward compliance. They must:

  1. Establish written policies and procedures for the protection of these files, both in electronic and physical formats.
  2. Be able to justify the need for all such information kept in-house. Obviously, employee data is needed for tax, 401K, and insurance withholdings. But for client records, is it possible to maintain only the last four digits of a credit card number?
  3. Establish robust user password requirements for the designated employee(s) to gain access to these files.
  • Passwords for employees accessing this data should be as complex as possible and changed frequently.
  • Companies need to review who can access these now-protected files.
  • It is advised to minimize the number of staff who would have this access.
  • Companies should also consider implementing auditing tools that track who accessed personal information, when it was accessed, and what was accessed.
  • Put in place a personal information security officer responsible for maintaining, updating, and training company employees about personal information protection policies.
  • Make sure disciplinary measures for violations are in place.
  • Maintain hard copy files of personal information in always-locked files, with only the minimum of access by designated employees.
  • Have in place enterprise security tools, including firewalls and server and workstation anti-malware and antivirus protection, which are current and can be automatically updated on a regular basis.
  • Consider outsourcing this risk whenever possible – for example, transferring the responsibility for maintaining employee personal information to a certified online personal records service provider. Consider using a certified credit card processing service, with your company only inputting, but not being able to record, client credit card information. Third-party certifications for 201 CMR 17.00 must be in place before January 1st, 2010.
  • Ensure that any electronic communication of this protected data, whether wireless or online, is conducted using robust encryption.
  • Ensure that any storage of this protected data on laptops is robustly encrypted by May 1, 2009. Protected data stored on PDAs, memory sticks, CDs, or other portable devices must be encrypted by January 1, 2010.
  • Minimize the amount of personal information stored and the duration for which it is stored. Companies should regularly review the protected data they maintain and purge all but what is absolutely necessary to keep on file.

Security threats continue to rise, and lost information can be devastating to companies and can be an indicator that fraud is being perpetrated. As the new Massachusetts law dictates, companies that hold such information will have to take appropriate measures to safeguard privacy. To protect your consumers’ privacy, all documents must be shredded; try our economy document shredding service:

Best Document Shredding Service

Boston Document Shredder Editor
In today’s digital age, the risk of identity theft and consumer fraud looms larger than ever, especially when outdated personal and confidential documents are carelessly discarded into household trash. This oversight has fueled an alarming rise in identity theft, transforming it into a widespread epidemic across Massachusetts communities. Recognizing the urgent need for proactive measures, we spearhead Community Shredding events in key locations like Boston and Lowell, MA, where our influence is palpable. Our Community Shredding events are meticulously designed to offer individuals a secure platform to dispose of their sensitive documents. By providing off-site shredding services free of charge, we empower community members to protect their personal information effectively. These events gain additional credibility and reach through partnerships with local media, law enforcement, and government bodies, ensuring a broad impact and heightened awareness around the issue of document security. Beyond these community initiatives, we are committed to making residential shredding services both accessible and affordable. Our competitive pricing plans are crafted with the consumer in mind, ensuring that safeguarding personal information doesn’t have to be a financial burden. Take a decisive step towards securing your private documents and preventing identity theft. Schedule your shredding service with us today by calling (978) 636-0301, and join us in our mission to fortify our communities against the threat of consumer fraud and identity theft.
