This document summarizes an informational breakfast event about complying with Massachusetts identity theft and data security regulations. The event featured presentations from attorneys and consultants on assessing risks, creating a written security program, establishing procedures, and other best practices for businesses to protect personal information and comply with the regulations. It provided an overview of the new regulations, implications for businesses, how to assess security and create a compliance plan, and contact information for organizations that can help or provide free assessments.
1. Personal Identity Security* “Y2K plus 10” Are You Ready for January 1, 2010? * First in a series of Informational Breakfast Events with topics of timely and valuable information for small business owners and organization leaders AUGUST 4, 2009 – Woburn, MA Presented by the: Boston Business Alliance The new MA regulation: 201 CMR 17.00
4. Moderator and Speakers

Dennis Ford Eagan: Dennis Ford Eagan is an attorney with Finneran & Nicholson, P.C., a business law firm located in Newburyport. Attorney Eagan focuses his practice on advising and counseling business clients regarding employment matters and compliance with state and federal laws and regulations. Attorney Eagan also advises business clients in protecting their intellectual property interests. He is a member of the Massachusetts Bar Association and the Newburyport Bar Association and has co-chaired presentations before the bar associations, including a recent presentation on the Massachusetts Identity Theft and Data Security Regulations, 201 CMR 17.00.

Ray Arpin: Ray Arpin has 30 years of experience working with organizations ranging from small companies and start-ups to Fortune 10, Global 2000, and state and federal organizations, in a wide variety of industries and segments. His specialty is business process improvement to increase sales and reduce costs, professional services, and regulatory compliance. Most recently, he has focused on helping companies and individuals quickly apply business best practices, and specifically on becoming compliant with personal identity security regulations and MA 201 CMR 17.00.

Matt Pettine: Matt has over 20 years of experience in business and best practices in the application of technology. He holds no fewer than 5 certifications in these areas. He fully understands business and how the different functions interrelate, along with the uses of technology to compete in today’s business world. He has worked in security and regulatory compliance in MA 201 CMR 17.00, Sarbanes-Oxley, and with other regulations. He is a member of the Information Systems Audit and Control Association.

Steven Stanganelli – Moderator: Steve Stanganelli is a five-star rated, board-certified financial planning professional with over 20 years of experience coaching individuals and businesses on ways to improve and protect their personal or business bottom line. His practice encompasses investment management as well as asset protection strategies for business owners and professionals. He is a published author, has been quoted extensively at www.BankRate.com, and has appeared on TV as a subject matter expert guest on “Your Money ABCs.” He is a member of the Financial Planning Association, CFP Board of Standards, and serves the Merrimack Valley Estate Planning Council.
29. Estimated Cost of Compliance Based on OCABR estimates for: 10 person business with 3 laptops and 1 network server, serving 7 desktops Options: 1 Potential High Cost 2 Possible Outsource 3 OCABR Estimates* 4 Do it yourself?? 5 Yourself & Expert
30. Back Up Cost Information* * OCABR assumption is the ‘business’ would already have retained such a consultant to monitor and maintain the current installation and software in connection with protecting the company’s own, and customer, information.