Presentation On Mass Data Privacy Law

Massachusetts Data Privacy Law Presentation

Published in: News & Politics
201 CMR 17.00 – New Privacy Law
Irene Wachsler, CPA, MBA
Tobolsky & Wachsler CPAs, LLC
What is the New Law?
  • Establishes minimum standards that must be met to safeguard personal information for both paper & electronic records
  • Applies to “all persons that own, license, store or maintain personal information about a resident of the Commonwealth”
Good News!!!!
  • Implementation has been pushed back to March 1, 2010
Why????
  • Since August 2008, the Office of Consumer Affairs and Business Regulation (OCABR) has investigated 320 incidents:
    • Threatened to compromise the personal information of 625,365 Mass. residents
    • 60% of incidents involved theft of laptops / hard-drives
    • 40% of incidents involved employee error / poor internal handling of sensitive information
  • Identity theft costs consumers & businesses $52 billion annually
What is Personal Information?
  • Two pieces:
    • First name & last name, or first initial and last name, and
    • One or more of the following:
      • Social security number
      • Driver’s license / state-issued ID
      • Financial account # / credit card / debit card
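The two-part definition above is what decides whether a record is in scope, so the first job of the Plan is to find out which records meet it. The following script is an added illustration, not part of the presentation and not the firm's code: it applies the slide's definition to structured records (the field names such as first_name, ssn, card_number and drivers_license are assumptions about how a firm's data might be laid out) and reports only masked values so the inventory itself does not become another copy of the data. The SSN structure rules and the Luhn check on card numbers are general facts not taken from the slide; the sample records are constructed, fictitious values.

```python
import re
from dataclasses import dataclass, field

# Added example applying the 201 CMR 17.00 definition from the slide: a name
# (first & last, or first initial & last) combined with at least one of SSN,
# driver's license / state-issued ID, or a financial account / card number.
# Field names below are assumptions about a firm's record layout.

# Assumed field names for state-issued IDs; formats vary by state, so any
# non-empty value is accepted as an identifier.
STATE_ID_FIELDS = ("drivers_license", "state_id")
# Assumed field names for bank accounts; there is no universal check digit.
ACCOUNT_FIELDS = ("account_number",)

# SSN structure per Social Security Administration rules: area not 000,
# 666 or 900-999; group not 00; serial not 0000.
SSN_RE = re.compile(r"^(?!000|666|9\d\d)\d{3}-?(?!00)\d{2}-?(?!0000)\d{4}$")


def luhn_ok(number: str) -> bool:
    """Luhn mod-10 check used by payment card numbers."""
    digits = re.sub(r"\D", "", number)
    if not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(value: str) -> str:
    """Keep only the last four characters so reports never echo the identifier."""
    digits = re.sub(r"\s|-", "", value)
    return "*" * max(len(digits) - 4, 0) + digits[-4:]


@dataclass
class Classification:
    name_present: bool
    identifiers: list = field(default_factory=list)  # (field, masked value)
    unverified: list = field(default_factory=list)   # present but failed format check

    @property
    def is_personal_information(self) -> bool:
        # Both halves of the statutory definition must be present.
        return self.name_present and bool(self.identifiers)


def has_name(record: dict) -> bool:
    first = (record.get("first_name") or "").strip()
    last = (record.get("last_name") or "").strip()
    # A bare first initial ("J" or "J.") satisfies the definition.
    return bool(first) and bool(last)


def classify(record: dict) -> Classification:
    result = Classification(name_present=has_name(record))
    ssn = (record.get("ssn") or "").strip()
    if ssn:
        bucket = result.identifiers if SSN_RE.match(ssn) else result.unverified
        bucket.append(("ssn", mask(ssn)))
    card = (record.get("card_number") or "").strip()
    if card:
        bucket = result.identifiers if luhn_ok(card) else result.unverified
        bucket.append(("card_number", mask(card)))
    for name in STATE_ID_FIELDS + ACCOUNT_FIELDS:
        value = (record.get(name) or "").strip()
        if value:
            result.identifiers.append((name, mask(value)))
    return result


def inventory(records: list) -> list:
    """(row index, classification) for every record that is personal information."""
    classified = ((i, classify(r)) for i, r in enumerate(records))
    return [(i, c) for i, c in classified if c.is_personal_information]


# Constructed sample records (fictitious values).
SAMPLE_RECORDS = [
    {"first_name": "Jane", "last_name": "Doe", "ssn": "123-45-6789"},
    {"first_name": "J.", "last_name": "Smith", "card_number": "4111 1111 1111 1111"},
    {"first_name": "Pat", "last_name": "Jones"},                     # name only
    {"ssn": "123-45-6789"},                                          # identifier, no name
    {"first_name": "Lee", "last_name": "Wu", "ssn": "000-12-3456",  # malformed SSN and
     "card_number": "4111 1111 1111 1112"},                          # bad Luhn digit
    {"first_name": "Ana", "last_name": "Ruiz", "drivers_license": "S12345678"},
]

if __name__ == "__main__":
    for row, c in inventory(SAMPLE_RECORDS):
        print(f"row {row}: personal information via {c.identifiers}")
    for row, rec in enumerate(SAMPLE_RECORDS):
        c = classify(rec)
        if c.unverified:
            print(f"row {row}: review manually, unverified fields {c.unverified}")
```

Values that fail the format checks are not silently dropped but reported as unverified, since a mistyped SSN next to a name is still worth a manual look; the strict checks only decide what the script will assert is in scope on its own.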
Does this Apply to CPAs?
  • Absolutely!
  • Tax returns
  • Copies of W-2s; bank, mutual fund, stock statements, etc.
  • Possibly your clients:
    • Do they have employees?
    • Maintain payroll records, I-9s, 1099s?
  • This applies to both
    • Paper (“stuff” in the filing cabinets) and
    • Electronic (data stored on your computer)
How Do I Comply with the New Privacy Act?
  • Some things are obvious:
    • Prevent terminated employees from access to your computer & paper records. (Immediately get the computer, keys to the office, etc.)
    • Use a password to log on to your computer (and don’t share / write down your password)
    • Educate and train your employees on the importance of protecting your clients’ personal information
    • Lock your paper records / file cabinets
How Do I Comply with the New Privacy Act?
  • Some things will require a change in work habits:
    • Employees are prohibited from keeping open files containing personal information on their desks when they are not at their desks
    • At the end of the day, all files containing personal information must be secured
    • Paper and electronic records shall be disposed of in a manner that complies with M.G.L. c. 93I
How Do I Comply with the New Privacy Act?
  • Some things are not so obvious:
    • Encrypt all transmitted electronic records and files
    • Ensure that your computer has up-to-date:
      • Firewall protection
      • Operating system security patches
      • System security agent software, including malware protection and virus definitions
    • Hang out in the office when the cleaning crew arrives
    • Designate a Data Security Coordinator who is responsible for implementing a plan to protect personal information
How Do I Comply with the New Privacy Act?
  • Some things are not so obvious:
    • Do not send a fax without confirming that the authorized recipient has exclusive access to the receiving fax machine
Data Security Coordinator
  • Implements the Plan to protect the security and confidentiality of personal information
  • Trains all employees
  • Conducts regular testing of the Plan’s safeguards
  • Evaluates the ability of service providers to comply with the new law
  • Conducts annual training for everyone – owners, employees, independent contractors, etc. All attendees must certify their attendance & familiarity with the Plan
Key Dates
  • January 1, 2010:
    • Paper records must be secured (i.e. locked)
    • Electronic records must be encrypted
    • Third-party service providers must be capable of protecting personal information
    • All other portable devices must be encrypted – memory sticks, DVDs, PDAs, etc.
    • Required written certification from third-party service providers
What Happens if My Records are Breached?
  • You must immediately notify both the Attorney General’s Office and the Office of Consumer Affairs and Business Regulation:
    • Include the nature of the breach
    • The number of residents of the Commonwealth affected
    • Any steps taken or plans to take relating to the breach
What Happens if My Records are Breached?
  • Must send notice to national credit bureaus
  • Must notify all affected residents of:
    • Consumer’s right to obtain a police report
    • Instructions for requesting a freeze on a credit report
    • Access to additional information, including the date of the data breach and any steps you have taken or plan to take relating to the incident
How Do I Dispose of Records in Compliance with M.G.L. c. 93I?
  • Paper – burned, pulverized or shredded so that personal data cannot practicably be read or reconstructed
  • Electronic media – destroyed or erased so that personal information cannot practicably be read or reconstructed
  • Caveat emptor – “erasing” data on a computer does not meet this requirement. It is easy to reconstruct an “erased” file
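The caveat above is a mechanism, not a slogan: on most filesystems, deleting a file removes its name from the directory and marks its blocks free, while the bytes stay where they were until something else overwrites them. The toy disk below is an added example, not code from the presentation, that models exactly that: a flat byte image plus a directory, an ordinary delete, an overwrite-then-delete, and a carve function that does what a recovery tool does (ignore the directory and scan the raw image). The ToyDisk class, block size and sample record are all constructed for this illustration.

```python
import os

BLOCK = 64  # bytes per block in this toy disk (constructed value)

# Constructed sample record; the SSN is fictitious.
RECORD = b"Client: Jane Doe, SSN 123-45-6789 (constructed sample)"


class ToyDisk:
    """Minimal filesystem model: a byte image plus a directory mapping file
    names to block numbers. As on most real filesystems, delete() only drops
    the directory entry and frees the blocks; it never touches the bytes."""

    def __init__(self, blocks: int):
        self.image = bytearray(blocks * BLOCK)
        self.free = list(range(blocks))
        self.directory = {}

    def write(self, name: str, data: bytes) -> None:
        chunks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)] or [b""]
        blocks = [self.free.pop(0) for _ in chunks]
        for b, chunk in zip(blocks, chunks):
            self.image[b * BLOCK:(b + 1) * BLOCK] = chunk.ljust(BLOCK, b"\0")
        self.directory[name] = blocks

    def read(self, name: str) -> bytes:
        # Trailing NUL padding is stripped; fine for the text records used here.
        raw = b"".join(self.image[b * BLOCK:(b + 1) * BLOCK] for b in self.directory[name])
        return raw.rstrip(b"\0")

    def delete(self, name: str) -> None:
        """Ordinary 'erase': unlink the name, mark blocks free, leave the bytes."""
        self.free.extend(self.directory.pop(name))

    def wipe_and_delete(self, name: str) -> None:
        """Overwrite every block of the file with random bytes before unlinking."""
        for b in self.directory[name]:
            self.image[b * BLOCK:(b + 1) * BLOCK] = os.urandom(BLOCK)
        self.delete(name)

    def carve(self, needle: bytes) -> bool:
        """What a recovery tool does: ignore the directory, scan the raw image."""
        return needle in self.image


def erased_file_is_recoverable() -> bool:
    """Write a record, 'erase' it the ordinary way, then carve for it."""
    disk = ToyDisk(blocks=8)
    disk.write("client.txt", RECORD)
    disk.delete("client.txt")
    assert "client.txt" not in disk.directory   # the file is gone from the listing ...
    return disk.carve(b"123-45-6789")           # ... but the SSN is still on the disk


def wiped_file_is_recoverable() -> bool:
    """Same record, but overwritten before it is unlinked."""
    disk = ToyDisk(blocks=8)
    disk.write("client.txt", RECORD)
    disk.wipe_and_delete("client.txt")
    return disk.carve(b"123-45-6789")


if __name__ == "__main__":
    print("recoverable after ordinary delete:", erased_file_is_recoverable())  # True
    print("recoverable after overwrite + delete:", wiped_file_is_recoverable())  # False
```

The model is deliberately simple, and the overwrite step is where it stops matching real hardware: on SSDs and on journaling or copy-on-write filesystems an application-level overwrite may land on different physical cells or blocks, leaving the originals intact. For the “cannot practicably be read or reconstructed” standard, physical destruction, the drive vendor's sanitize command, or having encrypted the whole device up-front and then destroying the key are the approaches that hold up; the last of these is the same full-disk encryption the Data Encryption slide recommends.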
Software Tools that We Use
  • DISCLAIMER: The software tools listed on this and following pages are what our firm, Tobolsky & Wachsler CPAs, LLC, uses.
  • WE DO NOT OFFICIALLY ENDORSE THESE TOOLS NOR DO WE SUPPORT THEM. These tools are mentioned for discussion purposes only.
Firewall Protection
  • Hardware: NetGear ProSafe VPN Firewall
    • < $100 at Circuit City
  • Wireless NetGear Modem
    • Encrypted wireless access
    • $30 at CompUSA
  • Software: Norton 360
    • $60 for 3-user license at Staples
Malware Protection & Virus Definitions
  • Norton 360
    • Automatic updates of malware & virus definitions
    • Antispyware
    • Email scanning for viruses / junk email
    • $60 for 3-user license at Staples
Online Sharing of Files
  • www.box.net
    • Sharing of files
    • Access anywhere via Internet connection
    • Password-protect files
    • Invite clients to download files
    • Files are encrypted prior to upload / download
    • Files backed up across multiple, geographically separated servers
    • $49.95 per month for 15GB of online storage
Backup of Data
  • Carbonite
    • Online backup service
    • Encrypts files before they are uploaded from the PC
    • Files remain encrypted at their data center
    • Requires unique login to retrieve files
    • $49.95 per year w/ unlimited storage
Wireless Connections from Public Wi-Fi Hotspots
  • Comodo TrustConnect
    • Protects identity and keeps information private
    • Need to log in to TrustConnect website
    • $50 per year
Data Encryption
  • TrueCrypt – encrypted directories on laptops
  • Microsoft encrypts data on hard drives
Thank You!
Irene Wachsler, CPA, MBA
Tobolsky & Wachsler CPAs, LLC
irene@milliecpa.com
(781) 883-3174

To ensure compliance with the requirements imposed on us by Circular 230, we inform you that any tax advice contained in this communication (including any attachments) is not intended to and cannot be used for the purpose of (i) avoiding tax-related penalties under the Internal Revenue Code, or (ii) promoting, marketing or recommending to another party any tax-related matter(s) addressed herein.