As of March 1, 2010, Massachusetts residents like me now have more protection and safety for their personal information. So what exactly changed?
Now businesses in Mass. that collect personal information such as Social Security numbers, bank or credit card account numbers, have to apply new levels of data protection. The new law applies specifically to data encryption of information stored on any back up platform, even tape. Data is now required to be encrypted if it is moved or copied or is on a mobile device like a laptop or a thumb drive. Companies are now truly responsible for protecting and encrypting personal consumer information.
My guess is that this new change to the law “201 CMR 17.00” is a direct response of the legislature to the huge theft of customer credit information that occurred in 2007 at Massachusetts retailing giant TJX. Additionally, not just companies that collect consumer information but everyone who owns or licenses personal information must have a written plan detailing the measures adopted to safeguard that information.
Here is an excerpt from press release
“Consumers should feel confident that their personal information is protected, and not exposed to loss or theft,” said Governor Deval Patrick. “These regulations improve the safety of personal information, while giving businesses the flexibility to secure that information without undue burden.”
“In two years, over one million pieces of information belonging to Massachusetts residents were lost or stolen, creating stress, worry and financial inconveniences for consumers,” said Barbara Anthony, the Undersecretary of the Office of Consumer Affairs and Business Regulation. “The rules taking effect March 1 will make it less likely that personal information is exposed, and create another layer of protection for consumers.”
In reality the new requirements don’t seem terribly onerous for businesses, even small businesses with limited technical resources given some of the off-the-shelf encryption tools or backup solutions that have encryption built in.
Karl Dias
Remote Data Vault
Remotedatavault.com
About Me
- Remote Data Vault
- Remote Data Vault offers complete Data Backup for PCs and Servers Local & Online plus Diskimaging and disaster recovery. Your data is protected even in the event of an onsite disaster like a fire or flood. Remote Data Vault is recommended a best practice by IT specialists and good common sense. You can have total control and flexibility over your data at all times. Get a fast system restore that's completed in a matter of hours instead of days. Remote Data Vault also offers a Bare Metal Restore for quick reconstruction on a blank or new system.