Regulatory compliance can be a challenging task for any corporation, but it can be particularly onerous if the regulation is a moving target. This is the case with Massachusetts data protection regulation 201 CMR 17.00, which seemed ready to go into effect Jan. 1, 2010 (already delayed once from a May 2009 enforcement date). Just a few months ago, this state regulation was positioned as a game changer. It framed data privacy in a way that forced organizations to take steps to protect personal data.
Today most state privacy laws focus on notifying people of a data breach rather than protecting the information in the first place. MA 201 CMR 17.00 was proactive, rather than reactive, security. But due to the uncertain economy, costs associated with meeting the regulations and complaints from the public, businesses and organizations, the Massachusetts Senate is now considering weakening the scope and specifics of the regulation.
But in a legislatively aggressive climate such as we are in now, with new security exploits being discovered every day and data breach disclosures such as those from The TJX Cos. and Heartland Payment Systems Inc., strict privacy and data protection laws from the state and federal levels are inevitable. Simply stated, MA 201 CMR 17.00 is good security practice. So despite the near-term uncertainty about the particulars, the prudent move by corporate IT is to take steps now to be ready for tough encryption and policy statements later.
Massachusetts businesses facing down MA 201 CMR 17.00 can meet the challenge with preparation and execution. The first step to preparation is education. Read this e-book to learn more about important topics such as identity theft, prevention of breaches, mandatory encryption, and getting ahead of the game where Massachusetts data protection law is concerned.
Sponsored By: BeCrypt, GuardianEdge, Lumension, Razorpoint Security Technologies, Sophos, and CDW
Compliance Research Library
