Just a reminder that under new rules taking effect this coming Monday, March 1, 2010, any institution that holds personal data about residents of Massachusetts must create a written policy for protecting the data, and must train employees to follow the rules.
In addition, this rule also requires that organizations must encrypt any personal information – scrambling files to conceal their content – when it is transmitted over the Internet or a wireless data network. Data must also be encrypted when it’s stored on portable devices like laptops or thumb drives, to protect against identity theft if the devices are lost or stolen.
Hopefully if you or your company is affected by this new rule, then your information security management system will already include an implemented plan to comply with these new requirements.
If not, then an information security specialist from your risk management team should read a recent article published in the Boston Globe and written by Hiawatha Bray.