Massachusetts MGL 93H and 201 CMR 17 have not been widely publicized, despite originally being scheduled to go into effect on January 1, 2009. Many small business owners that I talk to each day in Massachusetts and around the country have no idea what they are or how they might impact their business in the future, but they will.
How Do These Two Pieces of Legislation Work?
MGL 93H defines security breaches and establishes regulations for safeguarding the personal information of any Commonwealth of Massachusetts resident. While MGL 93H establishes that there is indeed a law on the books to deal with security breaches, the regulation 201 CMR 17.00, which will go into effect on January 1, 2010, implements the provisions of the law and describes what you need to have in place in order to achieve compliance.
What Does 201 CMR 17 Mean For My Business?
201 CMR 17.00 essentially sets minimum standards for the protection of the personal information of any Massachusetts resident, whether it is stored in paper or electronic format. This response to the explosion in identity theft is an effort to ensure that anyone who owns, licenses, stores, or maintains information about a Massachusetts resident follows a set of requirements to protect that data from those who might use it inappropriately or illegally. What must be considered is whether and how these regulations will impact your business. If you take information about your customers, employees or even contract help (who reside in Massachusetts) such as their name, along with:
- Address
- Social Security number
- Credit card number
- Driver’s license information
- Other state issued identification information
and hold it in paper format or a database for any purpose – then these regulations will affect you and you must take steps to comply.
If you accept credit cards, for instance, you will collect either an imprint of the card or the data from the magnetic stripe. With this information you will complete your transaction and keep a record, or at the very least have that data pass through your network to a third-party card service provider. For many business owners the first reaction is, "I do not save this information, so it does not apply to me." The potential issue is that you collect and transmit the personal credit card information, and that your employees have access to it during the transaction.
If you are located in the Commonwealth of Massachusetts or have employees who reside there, and you keep employment applications, a copy of a driver's license, a personnel file or payroll information on them, then 201 CMR 17 applies to you and you must comply.
When I tell this to small business owners, their first reaction is that these are more government regulations that will require more technology and more costs that they cannot afford right now. The problem is that your customers are your lifeblood and you need to protect them and their information. No small business can afford the cost or implications of a data breach. Aside from the obvious fines that might be imposed by the state and the legal and remediation costs associated with a breach, there is an even greater cost, one that could cost you your entire business: the trust of your customers and the reputation of your business.
So What Do I Have To Do?
201 CMR 17.00 says specifically that those who own, license, store, or maintain information (in any way) about a MA resident shall develop, implement, maintain and monitor a comprehensive, written information security plan (WISP), applicable to any records containing such personal information. In addition to creating and maintaining a WISP, you will need to identify the components of the program, which will include:
- Designate one or more employees to maintain the comprehensive information security program.
- Identify and assess reasonably foreseeable internal and external risks to the security, confidentiality, and/or integrity of any electronic, paper or other records containing personal information.
- Develop security policies for employees.
- Limit the amount of personal information collected.
- Identify paper, electronic and other records, computing systems, and storage media, including laptops and portable devices used to store personal information, to determine which records contain personal information, and seven other points that address the duty to protect personal information.
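As an added example (not from the article or the regulation text), the following Python scanner applies the definition given earlier, a name combined with at least one of the listed identifiers, to a constructed CSV export so that records belonging in the inventory can be flagged. It covers three of the identifier types (SSN, credit card number, driver's license number); the license pattern and the record layout are assumptions made for illustration.

```python
import csv, io, re

# Patterns for three of the identifier types listed above. SSN and card formats
# are standard; the license pattern (S + 8 digits) is an assumed, simplified format.
PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "credit_card": re.compile(r"\b(?:\d[ -]?){12,15}\d\b"),
    "drivers_license": re.compile(r"\bS\d{8}\b"),
}

def luhn_ok(digits):
    # Luhn checksum: drops invoice-style numbers that merely look like cards.
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def identifiers_in(text):
    # Identifier types present in one free-text field (cards must pass Luhn).
    found = set()
    for kind, rx in PATTERNS.items():
        for m in rx.finditer(text):
            if kind != "credit_card" or luhn_ok(re.sub(r"[ -]", "", m.group())):
                found.add(kind)
    return found

def classify_record(record):
    # In scope only when a name AND at least one identifier are present;
    # an identifier without a name (or a name alone) yields an empty set.
    if not (record.get("name") or "").strip():
        return set()
    return set().union(*(identifiers_in(v or "")
                         for k, v in record.items() if k != "name"))

def inventory(csv_text):
    # (row number, sorted identifier types) for every record needing protection.
    rows = enumerate(csv.DictReader(io.StringIO(csv_text)), 1)
    hits = [(i, classify_record(r)) for i, r in rows]
    return [(i, sorted(k)) for i, k in hits if k]

# Constructed sample export with fictitious values.
SAMPLE_CSV = """name,notes
Jane Doe,SSN 123-45-6789 on file
,card 4111 1111 1111 1111 left in notes
John Roe,invoice 1234-5678-9012 ref
Ann Poe,license S12345678 copy in folder
"""
```

Running `inventory(SAMPLE_CSV)` flags rows 1 and 4 only: the card number in row 2 has no name attached and the invoice number in row 3 fails the Luhn check.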
201 CMR 17.00 goes further and describes the methodologies that are expected to be complied with when considering the technology that you use. In this section of the regulations entitled Computer System Security Requirements, the state has outlined the technology requirements in order to be compliant. These requirements include:
- Securing user authentication protocols
- Implementing access control measures that restrict access to records and manage passwords and users.
- Encrypting data during transmission as well as any data on mobile devices such as laptops and PDAs.
- Ensuring that there are current versions of security software such as anti-virus on systems.
- Training employees about information security
The bottom line is that these new regulations not only require that you have a set of policies and procedures in place for effectively managing your information security, but actually direct you on what needs to be in place for technology compliance.
A great deal of the personal information that is compromised is stolen while stored or transmitted electronically, but this critical data can also be stolen for use in committing a crime while stored on paper in a file cabinet, or after it has been improperly disposed of in a dumpster. The goal of MA MGL 93H and 201 CMR 17.00 is to change how a business views personal information and to make it take steps for the proper collection, use, storage, transport and destruction of that information.
Compliance for a small business does not have to be cost prohibitive, but depending on the size and scope of your organization, changes may be necessary. To learn more about 201 CMR 17 and developing a WISP for your company go to www.201CMR17Solutions.com.
How Identity Theft and 201 CMR 17 Will Affect Your Small Business
By: Ryan Andrews | 20/05/2009 | Small Business
Massachusetts personal information security compliance regulation 201 CMR 17.00 essentially sets minimum standards for the protection of the personal information of any Massachusetts resident, whether it is stored in paper or electronic format. It will not be long before other states adopt similar laws that will affect how a business of any size collects, uses, stores, transports or disposes of any and all customer, employee or affiliate personal information.