
Do You Meet the Terms of Massachusetts Data Privacy Law?

In response to mounting cyber crime and growing public concern about compromised privacy, governments at every level have been passing data protection regulations. Businesses well outside the health and financial sectors now face the challenge of meeting evolving regulatory standards.


Massachusetts has enacted data security rules (201 CMR 17.00, issued under the state's data breach law) that apply to any business that collects, stores or licenses the personal information of Massachusetts residents, wherever that business is located. The regulation treats a resident's name combined with a Social Security number, driver's license number, or credit card or bank account number as personal information. Businesses of every size depend on gathering, storing and licensing this kind of information, so owners either comply with the regulation or face possible enforcement action.



The challenges of regulatory demands

Regulatory compliance is challenging for any business, but small businesses in particular can find it daunting. A limited budget and no in-house IT staff make it harder to keep up with changing security requirements.

The way the regulations are written presents its own difficulties. Some provisions are spelled out clearly, with specific steps businesses must take and specific requirements to meet. Others are vague and open to wide interpretation.

For example, the Massachusetts regulation requires businesses to maintain "administrative, technical, and physical safeguards" for personal information, but the safeguards it considers appropriate depend on the company's size, the nature of its business, its resources, and the amount and sensitivity of the data it holds. Because each business is unique, so is its security program, and owners are often unsure whether what they are doing is enough. It doesn't help that the regulation uses expressions such as "reasonable steps" without always spelling out what those steps are.

So what does compliance mean?

Ensuring compliance means reading the regulation carefully, following the specifics it does state, and acting in the spirit of the law wherever its wording is vague.

A central requirement is that every covered business develop, implement and maintain a comprehensive written information security program (commonly called a WISP). The program must cover the major aspects of security, including the following:

  • Technical defenses against data breaches. These include encrypting personal information whenever it is transmitted across public networks or wireless links and whenever it is stored on laptops or other portable devices, along with firewall protection, up-to-date anti-malware software, prompt installation of security patches, and secure user authentication with strong, unique passwords. They also involve monitoring your systems for unauthorized use or intrusion, and reviewing the program at least once a year or whenever your business changes in a way that affects data security.
  • Administrative controls and employee training. Decide carefully who is allowed to know administrative passwords, install software and perform system maintenance, and limit access to personal information to the employees who need it for their work. Have written procedures for the situations that put data at risk; for example, when an employee leaves your company, how quickly are their accounts disabled, shared passwords changed, and laptops, phones and keys collected? The program should also name someone responsible for overseeing it, include regular employee training, and state the consequences for violating its rules.
  • Physical security. Businesses need to protect their offices and other work spaces from theft. Could a criminal easily break into your office and walk away with a laptop or a folder of printed files containing sensitive information? Could someone stroll in during business hours and use an unattended, unlocked computer? Mobile devices deserve particular attention: if an employee's laptop or phone goes missing, is the data on it encrypted, and can you wipe it remotely?

Complying with Massachusetts data privacy law is challenging, whether the difficulty lies in meeting the specific terms of the regulation or in interpreting its more general instructions.

Whether or not your business has in-house IT staff, it is worth consulting experts who can help bring your data security program up to the regulatory standard. When you contact us, you'll receive advice and assistance in developing a comprehensive plan to protect your data and comply with the law. Beyond legal compliance, that plan will help you avoid the significant financial losses and loss of customer trust that follow a data breach.

603-889-0800

White Mountain IT Services
33 Main Street Suite 302
Nashua, New Hampshire 03064