Friday, August 21, 2009

Massachusetts Data Protection Law Amended, Delayed - Again

Before you read this article you should know that the Massachusetts law mentioned here is the strictest law in the nation. It has requirements that a business must comply with in regards to identity theft in the workplace. Their requirements are tougher than the FTC's current FACTA law and the Red Flags Rule amendment.

For those business owners reading this, this is what we do at no direct cost for most businesses:

1. We provide a personalized written policy outlining specific requirements for protecting the non-public information of customers vendors and employees.


2. A letter that can be used when appointing a
security compliance officer - see www.ftc.gov under Gramm, Leach, Bliley.

3. A comprehensive training program which (www.FTC.gov "Protecting Personal Information: A Guide for Business") is a suggested first step (pages 16-17) in protecting NPI and educating employees about the risks/liabilities of identity theft and data loss.

4. When employees complete the training, we provide the "Use of Confidential Information by Employee" form that serves as proof they've completed a mandatory training in handling NPI. This signed document demonstrates that the company is taking reasonable measures to protect customer, employee and vendor information.

We also offer an online Red Flags Rule compliance module at www.RedFlagsRulePolicy.com

Massachusetts Data Protection Law Amended, Delayed - Again
New Rules Now Won't Apply Until March 2010
August 20, 2009 - Linda McGlasson, Managing Editor

Once again, Massachusetts is delaying the compliance deadline for its toughest-in-the-nation data protection rules. The new effective date is March 1, 2010.

Saying that the state must balance the needs of consumer privacy protection with the needs of small business, the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) has also amended its data security regulations. Earlier this week the OCABR announced the revised rules will facilitate a "risk-based approach" to data security - an approach that is expected to help the small-business community.

The OCABR also modified the regulations to make them technology neutral. A public hearing on the changes will be held on September 22 in Boston.

Barbara Anthony, the Massachusetts Undersecretary of the Office of Consumer Affairs and Business Regulation, says the adjustments to Massachusetts' identity theft regulations will also reinforce flexibility in compliance by small businesses.

The risk-based approach is especially important to small businesses that may not handle a lot of personal information about customers, says Anthony. Under a risk-based approach, a business, in developing a written security program, should take into account its size, nature of its business, the kinds of records it maintains, and the risk of identity theft posed by its operations. (Full text at www.bankinfosecurity.com)


To learn more about Identity Theft and what to do if you are a victim, visit www.StopIdTheftCrime.com and subscribe to the newsletter to obtain your free 46 page eBook "Fighting Back Against Identity Theft".

Remember, estimates are that every 2-4 seconds an Identity is compromised. Why take chances? Why not protect yourself and your loved ones with the best suite of services provided (including restoration) by the best NYSE company in the field? Educate yourself and visit the shameless plug below or call me at (909) 208-3728!

Shameless plug
the Best Identity Theft Protection available dot com

No comments:

Child Identity Theft Does Happen

Identity Theft Shield Overview