
Research Abstract
Massachusetts Data Protection Law: 201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth by Lumension


Published on: August 13, 2009
Type of content: WHITE PAPER
Format: Unknown
Length: 8 pages
Price: FREE

Overview:
In the first ten months after a new Massachusetts identity theft law took effect in late 2007, the Office of Consumer Affairs and Business Regulation reported that over 625,000 residents of the Commonwealth had been directly impacted by a data breach of their personally identifiable information (PII). Of these, about 60% were the result of criminal or unauthorized acts, and the remainder were due to employee error or "sloppy internal handling" of PII. To help mitigate the negative impacts of this ID theft problem, Massachusetts passed a new law that requires any organization that "owns, licenses, stores, or maintains personal information about a resident of the Commonwealth" to follow a comprehensive set of information security requirements.



This new set of regulations (201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth), initially released in September 2008 and then updated in early 2009, defines personal information as first name (or initial) and last name in combination with one or more of the following: SSN; driver’s license or state-issued ID card number; financial account number, credit or debit card number, with or without any required security code, access code, PIN or password. [There is an exception for publicly available information.] The regulation takes state data protection laws into some unprecedented areas, such as mandating the use of encryption to protect PII (whether in transit or at rest) and the use of regularly patched and up-to-date OS, anti-virus / anti-malware, and firewall software.



According to section 17.01(2), the provisions of this regulation apply "to all persons who own, license, store or maintain personal information about a resident of the Commonwealth." This means that all businesses, whether in-state or out-of-state, that store personal information about a Massachusetts resident will need to implement a comprehensive information security program.



Read this whitepaper to learn more about the new regulations in Massachusetts and what they mean to your organization.
