201 CMR 17 and what it means for your company.

If you haven’t heard of 201 CMR 17 and your company handles personal information about your customers, you will have to read up. The regulation states: “Every person that owns, licenses, stores or maintains personal information about a resident of the Commonwealth shall develop, implement, maintain and monitor a comprehensive, written information security program applicable to any records containing such personal information”. Luckily, Massachusetts has postponed the deadline for 201 CMR 17 compliance from January 2010 until May 2010, but you should still start working towards compliance as soon as possible. I know the Office of Consumer Affairs and Business Regulation has received a lot of backlash over this new law, but I for one am for it. I have worked for companies that enforced data protection and for companies that didn’t; the ones that did used encryption and similar controls. I know the cost of implementing such things can make even the mightiest CFO cringe. But at the dawn of a new decade, hacking methods have matured exponentially, and what matters most to customers is who will protect them best; I for one welcome anything that protects my personal information. Below is a short list of things you will need to do:

– Secure your email, and encrypt it where possible.
– Deploy audit and detection software so you can log file access and detect unauthorized access.
– Encrypt all removable media.
– Tighten overall security.