There a trend in State’s requiring business to protect personal information of their residents. This new laws apply to all businesses even those not located in the State. Tried in the California courts, it has stood the test and I expect this trend to rapidly spread to every State in the nation.
Massachusetts follows California, Utah, Connecticut, Nebraska and Pennsylvania in putting regulation on businesses and individuals outside of their State that hold information about their residents. This means that if you have any customers that live in these States (and expect these laws to spread quickly) you are required to protect their information in specific ways.
As an example, here’s what the Massachusetts’s law says:
http://www.mass.gov/Eoca/docs/idtheft/201CMR1700reg.pdf
In a nutshell, if you have any information about one of their residents you are required to protect it and document in a security plan how you are going about it protecting this information.
The good news is that this doesn’t have to be a hugely elaborate or expensive effort. But you will need to have one, if not today, then eventually because it won’t be long before every State enacts similar laws.
So what is consider personal information?
Note that earlier in the document that “person”and “resident” encompass business entities are well as individuals people.
So if you have a name and another piece of information you are subject to this law. Many businesses will have a name and a tax ID number that’s enough to find yourself subject to these laws.
If you think you are or might be subject to these new regulations, we can help you develop your plan and reduce your liability.
–Harbor Computer Services 248-850-8616
