MA Regulations Require Businesses to Have Information Security Program to Protect Personal Information


By Lester Rosen, ESR President

The Massachusetts Offices of Consumer Affairs and Business Regulations (OCABR) recently passed regulations that went into effect March 1, 2010 and are aimed at safeguarding the personal information of Massachusetts residents by requiring a business to have a Written Information Security Program (WISP) to protect personal information.

The ‘STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH’ cover any business that “receives, stores, maintains, processes, or otherwise has access to personal information in connection with the provision of goods or services or in connection with employment.”

The rules define personal information as a Massachusetts resident’s name combined with a Social Security number, driver’s license or state-issued ID card, or a financial account.

The regulations also apply to third parties and demand that there be contracts to ensure that the regulations are implemented and maintained, although the contracts did not need to be updated before March 1, 2012. It appears that Massachusetts takes the position that the rules apply to out-of-state firms that handle personal information as well.

A business that is regulated by these rules must have and implement a written comprehensive information security policy, or WISP. The rules do not specify exact policies but provide minimum requirements and indicate that a business should take a number of factors into account, such as the kind of records it maintains and the risk of identity theft.

Some of the things a business must do include a review of foreseeable internal and external risks, evaluation and improvement of safeguards, policies for employee access outside of the business, implementing security measures such as password control and an up-to-date firewall, employee training, ensuring that terminated employees cannot access confidential data, as well as disciplinary measures for violations of the regulations.

This new law has been described as the “toughest in the nation,” and should go a long way toward improving privacy and data security and fighting identity theft. The text of the new regulations can be viewed at: http://www.mass.gov/Eoca/docs/idtheft/201CMR1700reg.pdf.

With these strict information security regulations now in effect in Massachusetts, employers need to ensure that their background screening firms are in compliance. Employment Screening Resources (ESR), a leading background check provider, maintains compliance with the new personal information protection regulations in Massachusetts. For more information on privacy and data security as it relates to background checks, contact Employment Screening Resources at http://www.ESRcheck.com.
