An insurance provider in Massachusetts had basic security measures in place, but these were not enough to be fully compliant with a strict, new state regulation, reports Greg Masters.
When Massachusetts passed what arguably is one of the most stringent data protection laws in the nation last March, Ray Pata, the manager of systems and programming at A.I.M. Mutual Insurance Cos., found himself particularly challenged with the encryption of laptops, required by the new law.
The legislation, 201 CMR 17.00, requires all companies, no matter where they are based, to safeguard any paper or electronic records in their possession that belong to a Massachusetts resident. Businesses that possess personally identifiable information (PII) of Bay State residents will now be required to encrypt all devices and transmissions.
This legislation differentiates itself from other state disclosure bills because it forces businesses to become proactive in securing technology, insisting that organizations take measures to protect information, as opposed to other guidelines that only require companies to alert customers should their data be compromised. In addition, it requires that businesses restrict access to company data to only those employees requiring access, have an employee dedicated to security efforts, regularly monitor enterprise security programs, and develop, implement and maintain a “comprehensive information security program.”
---------------------------------------------------
Source: scmagazineus.com
By: Greg Masters
Sunday, September 26, 2010