MA Compliance Regulation 201 CMR 17
What is 201 CMR 17?
This regulation establishes minimum standards to be met in connection with the safeguarding of personal information contained in both paper and electronic records. The objectives of this regulation are to insure the security and confidentiality of customer information in a manner fully consistent with industry standards; protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer.
Has anyone actually been charged under this law?
Here are a couple of recent examples of companies that faced penalties under the new law.
Do I need to worry about 201 CMR 17 compliance?
If you store any personal data belonging to a Massachusetts resident in electronic or hard copy format, you need to adhere to these regulations.
Personal Information is defined as:
a Massachusetts resident's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account; provided, however, that "Personal information" shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.
What can Sudbury Computer do to help me make sure that I am compliant?
We can help you achieve 201 CMR 17 compliance using the latest security and encryption technologies.
We can help you encrypt your laptops, desktops and servers at the disk level to prevent unauthorized physical access. We can also help you encrypt your removable media such as backup devices or USB thumb drives.
We can help you encrypt your E-mail for transmitting personal information securely.
We can help you write your WISP (Written Information Security Plan) to meet Mass regulatory requirements.
We can help you create and adhere to a secure password policy.
We can help ensure that all of your system protections, such as firewalls, anti-virus, anti-malware, service packs and security patches, are up to date.
We can help train your users to fully understand the expectations and requirements of protecting users' personal data.
We will be happy to come in and do a free audit of your network and systems to make sure you are secure.
Solutions
Maintenance Packages
We monitor critical equipment and services 24/7 to identify problems before they become major issues. We maintain all equipment to ensure security, stability and reliability.
Disaster Recovery/Business Continuity
Does your Disaster Recovery/Business Continuity plan allow you to sleep well at night? Sudbury Computer will work with you to determine the proper plan to safeguard your business; get you up and running in an acceptable timeframe in the event of an emergency; and keep you functional during the recovery process.
Security/Compliance Auditing
We audit your organization to make sure that you are up to date with the latest security, compliance, and disaster recovery standards. We can help you meet HIPAA, 201 CMR 17, SOX and other compliance regulations.
