Irrespective of the state you operate in, this privacy law is applicable to any business extending credit to, or processing or storing data on customers in Massachusetts...
UPDATED IN FEB. 2010: Now that the Massachusetts "Standards for the Protection of Personal Information" is in effect, it may well be the toughest privacy law in the nation - and perhaps the new "gold standard" for data security legislation.
Register for this newly refreshed webinar to learn:
The latest details of the Massachusetts privacy standards;
How these amended standards may impact your business or agency;
The potential impact on federal privacy legislation.
Does your business extend credit to or employ Massachusetts residents? Do you or your organization manage, store or process personal information on Massachusetts residents? If "yes," then you need to be prepared for the Massachusetts "Standards for the Protection of Personal Information."
Compared to most other state laws covering identity theft, the new Massachusetts "Standards for the Protection of Personal Information" (or Mass Privacy Law) is sweeping in its scope and impact.
The types of businesses covered by the law are also expansive, since the standards apply to any organization, whether or not located in Massachusetts, as long as it owns, licenses, stores or maintains "personal information about a resident of the Commonwealth."
In terms of specific requirements, the standards are similar to existing federal laws such as the GLBA and HIPAA that require organizations to establish written information security programs to prevent identity theft. However, in a departure from federal regulations, the Mass Law also contains several detailed technology system requirements, especially for the encryption of personal information sent over wireless or public networks or stored on portable devices.
This presentation is part of a new series of webinars created by Information Security Media Group to address major federal and state laws covering information security. Each presentation provides:
An introduction to these specific laws and regulations;
Detailed materials on the origins, scope, definitions and specific requirements;
Description of how the laws will be enforced;
Guidance on the impact of these provisions and what each organization can do to comply.
Former Dir. Information Security Risk Management, First Republic Bank
Bill Sewall is an information security, compliance and risk management specialist with 30 years' experience as a corporate attorney and general counsel, CIO, information security officer, and operational risk manager.
Prior to First Republic Bank, Sewall spent 10 years as a senior executive information security officer at Citigroup, including management of the IS training and awareness program and responsibility for the Citigroup IS Policy and Standards.
Over the course of his career as a business manager, he has built data centers, led development and systems groups and managed audit and assessments in such areas as GLBA, SOX and Basel II.