Application Security, Inc. (AppSec) empowers you with the security solutions to address the regulatory requirements set forth by:
Massachusetts Data Privacy Law 201 CMR 17
In September 2008, Massachusetts enacted security standards to safeguard personal information. While not the first state to enact data protection laws, this Massachusetts legislation is far more stringent than that of other states.
This new security law "MA 201CMR17.00, Standards for the Protection of Personal Information of Residents of the Commonwealth" (or MA 201) is designed to protect the personal information of Massachusetts residents, and mandates that "every person who owns, licenses, stores or maintains personal information about a resident of the Commonwealth [of Massachusetts] shall be in full compliance with 201 CMR 17.00" on or before March 1, 2010.
Summary
MA 201, section 17.03, requires the establishment of a comprehensive information security program and accompanying measures, and sets minimum standards that all businesses and individuals must meet to ensure adequate protection of personal information. The intent of MA 201 is to better protect Massachusetts residents against the threat of identity theft or fraud.
The regulation applies to any organization, public or private, that electronically stores personal information (PI) about a Massachusetts citizen, whether that business is located in or outside of Massachusetts. If a Massachusetts resident's Personally Identifiable Information (PII) has been collected, the regulation applies. PII is defined as records that contain the first name and last name, or first initial and last name, plus any of the following:
- Social Security number
- Driver's license or state-issued identification card number
- Financial account number
- Credit or debit card number
Non-compliance can result in penalties of up to $50,000 for each instance, depending on the infraction, as well as business interruption and legal costs. As this legislation is the most stringent in the nation, "doing nothing" is not an option.
MA 201 also requires that third party service providers who have access to PII must take similar measures to protect the data in a manner consistent with these regulations.
What Are The Requirements?
MA 201 requires that organizations that electronically store or transmit personal information use adequate security measures to protect that data, as described in section 17.04:
- Secure user authentication protocols
- Secure access control measures
- Encryption of all transmitted records and files containing personal information that will travel across public networks and encryption of all data containing personal information to be transmitted wirelessly
- Reasonable monitoring of systems for any unauthorized use of or access to personal information
- Encryption for all personal information stored on laptops or portable devices
- Up-to-date firewall protection and operating system security patches
- Up-to-date versions of system security agent software, including malware protection, patches, and virus definitions
- Education and training of employees on proper use of the computer system and the importance of personal information security
For details and full text of the law, see here.
Solution
Application Security’s database security, risk and compliance solutions have the policies in place to make sure you are complying with Massachusetts 201 regulations.
For Auditors and IT Advisors
AppDetectivePro is a PC-based database vulnerability assessment point solution.
For Enterprises
DbProtect is an enterprise-class database security, risk and compliance platform.