Regulatory compliance tips on how to meet new data governance regulations that affect your company--failure could mean fines, loss of reputation and other risk management nightmares.
NEWSLETTERS
SUBSCRIBE TO CIO
Are you involved in setting the direction for your company's IT budget or strategy?
Apply today for a FREE subscription to CIO Magazine!
» Subscription Services
» Reprints
Reader Feedback
Privacy Compliance 101: Why Massachusetts Data Security Standards DO Affect You
READER FEEDBACK
Joseph Lazzarotti Mon, 2008-12-01 11:04
In a development that likely occurred after this article went to print, according to the Office of Consumer Affairs and Business Regulation (OCABR), the effective date for compliance with Massachusetts’ data privacy and security regulations has been extended generally to May 1, 2009.
The regulations originally required businesses to be in full compliance on or before January 1, 2009. Attributing the extension to the economic downturn, a November 14, 2008, OCABR press release rescinds the January 1, 2009, deadline and replaces it with a general compliance deadline of May 1, 2009, with additional time allowed for certain aspects of the regulations. Under the extension, businesses will have until January 1, 2010, to obtain certification from vendors concerning their compliance with the regulations and to encrypt portable devices other than laptops.
Even with the extended deadlines, the regulations create a number of new requirements for businesses that will take time to implement, such as the risk assessment, policy preparation and training requirements. Businesses, therefore, should continue to move quickly to comply.
Joseph Lazzarotti, Partner
lazzarottij@jacksonlewis.com
Jackson Lewis LLP
Anonymous Mon, 2008-12-01 14:22
The author really ought to address the Commerce Clause constitutional issue. I doubt Massachusetts can get away with telling every business in the world how they must handle information about Jane Doe just because Jane happens to live in their state. They certainly wouldn't get away with that kind of [nonsense] if Jane were to travel physically to another state; there's no reason for it to be any different if Jane were to 'travel' electronically.
MobileAdmin Tue, 2008-12-02 16:05
This pretty much kills the iPhone at the enterprise level as there is no way to encrypt the iPhone nor has Apple released the API for 3rd party encryption
Wayne Edwards Fri, 2008-12-05 11:04
As a business owner, Mass. has just shut the doors to my business. Why should I put in special compliance for one of 50 states? I hope that others follow suit. No insurance companies, no healthcare companies, ... Hope that Mass. Unemployment Insurance has large reserves!
Anonymous Fri, 2008-12-05 12:32
Washington and Michigan have similar legislation in the hopper for 2009, and California has a draft ready.
Post new comment
RELATED SOLUTIONS
There's a lot of buzz about Windows 7 out there. Each month in our webcast series, listen to analysts and customers discuss how Windows 7 and the Windows Optimized Desktop is impacting large companies around the world. Learn how they evaluated Windows 7, including the cost of deployment, deployment strategies, and tangible benefits.
Sponsored by Microsoft
Listen to on-demand Recordings »
Service Level Management Best Practices Life Cycle Overview - Improve Service Levels
Best practices for Service Level Management (SLM) is a process for consistently meeting customer requirements and delivering on IT's promises. See the steps required to ensure high-quality SLM.
Sponsored by Compuware
Read this White Paper »
Keeping Your Members Safe from Online Scams and Predators
In order to keep fraudsters out, romance sites must deploy effective solutions that look at information independent of what is supplied by users. A device fingerprinting solution such as iovation ReputationManager™ provides unique insight into the computers being used to create multiple accounts and exposes hidden device-account relationships that identity-based fraud solutions often miss.
Sponsored by iovation
Read this White Paper »
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
Global Warming Research Exposed After Hack
Silicon Valley Abuzz About Tech Video That Lets You Command a Computer With Gestures
Two Approaches to NFC Battle for French Hearts and Mobiles
Palm Pixi Smartphones Now Just $25
FCC: Internet Program for Deaf Cheated Out of Millions
Judge Sets Schedule for Google Book Search Case
Twitter Geotagging: What You Need to Know
Twitter Turns on Geolocation Functionality
Some Nook E-Readers Won't Make it for the Holidays Either
Google's Chrome OS Hits BitTorrent
WHITE PAPERS
FEATURED SPONSORS
SPONSORED LINKS
| CIO MARKETPLACE | buy a link |
Software License control, Windows XP/2000 Upgrades
Use your Intranet to manage Software Licenses, plan for Windows XP/2000 upgrades, do Security Audits and more. Click to try and ask for our white paper - PC Management for the Internet Age.
UNIX and Linux Performance Tuning SimplifiedSarCheck is a performance analysis and tuning tool for most UNIX & Linux operating systems. It produces recommendations with full explanations, and both supporting graphs and tables. Get the most from your hardware by keeping your systems tuned.
.NET Developer Wanted - Boston - Local CandidatesAIR provides sophisticated analytical tools and software systems to help companies manage that risk. We are seeking a Sr .NET Developer with 8-10 yrs exp in .Net & OO development. ASP.NET, VB.NET skills required. Annual bonus - Apply Now
Get More from Your Oracle DatabaseDBAs are constantly challenged to increase performance and keep costs down. This paper discusses the industry best-practice Wait-Event analysis and how Confio has combined this with their Resource Mapping Methodology to optimize DB performance.
THE IDG NETWORK
© 1994 - 2009 CXO Media Inc.