Is Your Data Secure? How to Comply with New Data Security Regulations

What are these regulations? 

New Data Security Regulations (201 CMR 17.00) (also known as Data Encryption) will take effect on March 1, 2010.  The regulations focus on protecting personal information by mandating any entity storing or transmitting personal information – a combination of a name along with Social Security number, bank account number, or debit/credit card number – ensure the personal information is encrypted when stored on portable devices or when transmitted over the Internet.  The regulations apply to anyone who "stores" personal information, in addition to those who receive, maintain, process, or otherwise have access to personal information.

As a provider, what are you required to do?

Every service provider and business in Massachusetts is now required to develop, implement, and maintain a comprehensive written data security plan that takes into account the entity's size, nature of business, the kinds of records it maintains, and the risk of identity theft. Our presenter will clarify the regulations, which can be vague, like helping you understand what they mean by "financially reasonable". 

Come to our training, presented by David Wilson of Hirsch, Roberts & Weinstein, LLP, on Wednesday, February 17th to learn what you need to do as an employer to comply with these regulations by March 1, 2010. 

Presenter

DAVID B. WILSON, Hirsch, Roberts & Weinstein LLP

Dave Wilson has spent over two decades litigating wage and hour, employment, real estate, maritime, and general commercial disputes in the state and federal courts of Massachusetts and New Hampshire.  Dave spends a significant amount of his time acting as a business partner with his clients, counseling and training them in all areas of employment relations law.  He also has an acute interest in the intersection between technology, the law and the workplace and has written and presented extensively on social media and hidden cameras in the workplace.    Dave is a member of HRW's Data Security Team, which was formed to develop a comprehensive approach to the new data security statutes and regulations (M.G.L. ch. 93H, 93I, 201 C.M.R. 17.00, et seq.)  including developing programs for compliance, speaking and training on the subject, and monitoring and participating in relevant legislative activities.