
Cmr 17



New Massachusetts Privacy Law Mass CMR 201 17. Overview, Compliance, Procedure, Checklist, Template

Published in: Technology

  1. Title slide: Cmr 17
  2. Overview
     About the Law
     Affected Organizations
     Requirements for Compliance
     Consequences of Non-Compliance
     About IT Managed Services
  3. 201 CMR 17.00
     The regulation is titled "Standards for the Protection of Personal Information of Residents of the Commonwealth".
     Purpose and History:
     TJX and Hannaford data breaches
     SOX 404
     Payment card compliance
     HIPAA
  4. Scope of the Law
     Which organizations are required to comply with the new law?
     Wording: organizations "who own, license, store or maintain personal information about a resident of the Commonwealth of Massachusetts."
     Personal information includes:
     Electronic transaction and billing data (credit card numbers, bank account data, etc.)
     Identity-theft target data (Social Security numbers, driver's license or state ID numbers, etc.)
     Customer records
  5. What is Required?
     Four main components:
     Risk assessment and a Written Information Security Program (WISP)
     Data privacy awareness policy
     Security controls (antivirus, firewall, encryption)
     Third-party service provider WISP
  6. Penalties
     Penalties for non-compliance:
     Enforcement through the Office of the Massachusetts Attorney General
     Fines ranging from $5,000 to $50,000
     Forensic data discovery costs
     Private suits
     Punitive damages
  7. Solution
     IT Managed Services:
     Professional risk assessment
     Written Information Security Program (WISP)
     Flat rate
     24/7 monitoring
     Full encryption
     Full antivirus
     Firewall