Compliance with State Law
Information security is at once one of the most important and one of the most difficult to understand topics facing the business world today. It spans everything from shredding sensitive documents, to removing hard drives from printers before retiring them, to protecting your customers’ information on your computer systems. There are many different aspects to information security, and many steps that can be taken to achieve it. In Massachusetts, we are subject to state law 201 CMR 17.00. Our state led the way years ago, introducing comprehensive legislation governing the way businesses must handle certain security practices if they deal with customer information. The problem is, many small and medium-sized businesses aren’t aware of the law, much less compliant with it.
The law states you MUST encrypt the hard drives of portable computers and mobile phones if they contain customer data. This can include emails.
(5) Encryption of all personal information stored on laptops or other portable devices
This heavily impacts lawyers, realtors, mortgage professionals, financial institutions, and any other business that stores customer information on their computers or mobile devices.
The law also mandates firewall security appliances and a patching strategy for Windows, Apple and Linux installations:
(6) For files containing personal information on a system that is connected to the Internet, there must be reasonably up to date firewall protection and operating system security patches, reasonably designed to maintain the integrity of the personal information.
You must also encrypt your wireless connection and encrypt any emails containing personal information:
(3) Encryption of all transmitted records and files containing personal information that will travel across public networks, and encryption of all data containing personal information to be
We will assist your business in determining whether you are subject to these regulations and, if so, which solutions need to be implemented to ensure compliance. The penalty for non-compliance is $5,000 per violation.