Following Oregon's Lead - Massachusetts 201 CMR 17.00
Starting in 2009, the Commonwealth of Massachusetts will have a strong new law to protect its residents. It is very similar to the Oregon Identity Theft Protection Act (OITPA), but it has a few improvements. As with the OITPA, what the law really means can be somewhat puzzling for business owners. The new law (201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth) requires businesses to ensure the protection of Personally Identifiable Information (PII) on all Massachusetts residents.
This affects the entire range of businesses, from sole proprietors to large corporations. Additionally, since non-profits also deal with PII, these entities must follow the same compliance requirements as businesses. This new law requires all Massachusetts businesses and organizations to develop and implement a comprehensive information security program. The law is similar to that of other states. The goal is to have businesses secure their operations so that identity theft and hacking incidents are harder to carry out.
On a positive note for businesses, by taking the steps to become compliant with information security laws, an organization can reap long-term savings from the beneficial effects of a good security program. These savings include fewer virus outbreaks, decreased downtime from data loss or corruption, a better educated workforce, and decreased reactive computer and network support costs.
What is your plan to make your business compliant?