"The new regulations require companies to limit the amount of data they collect, maintain a written security policy and keep a detailed inventory of all personal data and where it is stored. The regulations also require any business that handles sensitive personal information on citizens of the Commonwealth of Massachusetts to encrypt that data as it is transmitted via the Internet or stored on external mobile devices such as laptops, USB drives and other mobile storage equipment."
Here is an informational article on the Massachusetts Data Privacy law, effective March 1, 2010. Source: CIO Magazine. "all businesses that collect personal data from or about Massachusetts residents will need to adopt a comprehensive written security program. Unlike most state-based data privacy laws, which focus primarily on public disclosure once a breach occurs, the new Massachusetts law prescribes that more stringent protective measures be taken to prevent breaches from occurring in the first place."
Interesting to note the following insightful comments about this law being more actionable and posing certain challenges as a result. "The Massachusetts law is more actionable than most data security regulations as it prescribes specific technical measures that must be taken to protect Personally Identifiable Information (PII), hence it forces businesses to become proactive in securing technology. Many of the measures outlined in the bill are actions that companies should already be taking, such as ensuring that the enterprise is adequately protecting PII. While this initiative seems intuitive and straight-forward, it has proven to be challenging for many organizations."
Read the full article here: http://www.cio.com/article/591051/Privacy_in_a_Mobile_World_Massachusetts_Data_Privacy_Law?source=rss_news
*** Credits and source: CIO Magazine
Here is an interesting article on the rising costs of data breaches published in January 2010.
"The cost of a data breach increased last year to $204 per compromised customer record, according to the Ponemon Institute's annual study. The average total cost of a data breach rose from $6.65 million in 2008 to $6.75 million in 2009 ..." Read more at http://www.pcworld.com/businesscenter/article/187611/data_breaches_get_costlier.html
Dr. Larry Ponemon, Chair and Founder of the Ponemon Institute, notes the main causes of a data breach, based on the results from 45 companies that shared their stories for the "Fifth Annual U.S. Cost of Data Breach Study," sponsored by PGP: "As part of our analysis, we try to get at the root cause of the data breach," Ponemon says. "There's negligence, where people make mistakes, such as lost laptops, accounting for 40% of the data breach cases. There are system glitches, such as a third-party sending out statements they shouldn't, which was 36%. And there are malicious and criminal attacks, at 24%."