Data privacy, security laws have far-reaching impact
Massachusetts has enacted data privacy and data security regulations that will make it eke out California for the most wide ranging state privacy and security laws -- laws that are likely to impact the policies, practices, procedures, contracts and training used by companies nationwide. The Massachusetts Office of Consumer Affairs and Business Regulation determined that there was a significant need for set of comprehensive standards that ensure businesses are taking practical steps to safeguard personal information. While many of these practices are probably adopted by most companies in some way, shape or form --now a laundry list of minimum standards will be required. And, since it may be impractical for a company to treat information collected from Massachusetts residents differently than others--many companies across the country will need to look holistically at their data privacy and security programs across the country to make sure that they meet the requirements of Massachusetts standards.
Beginning on January 1, 2009, all businesses that collect personal data from or about Massachusetts residents will need to adopt a comprehensive written security program, conduct internal and external security reviews and complete employee training regarding their programs. While the efficacy of a security program will be determined based on the relative size of a company and the type and amount of data a company maintains, the standards clearly state that a security program needs to contain, at a minimum:
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by TwitterOn Twitter now
security
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
Excellent article on Mass's new Security & Privacy Laws.
While I have visted and attended some training in the great state of Massachusetts, I am not a resident. Nonetheless, I am very impressed and pleased to see the folks in Massachusetts take a more serious approach to security and privacy.As a practitioner of Information Security and Privacy this shows me they have not only heard the voices of the citizens of Massachusetts, but have acknowledged that information is an asset and must be protected appropriately.
The rest of the states as a whole need to adopt or modify their laws to enhance security and privacy laws.