Understanding Massachusetts Data Security Laws

Massachusetts has strict statutory laws regulating how companies manage an individual’s personal information. Under 201 CMR 17, all companies need to create a written information security plan (WISP) for the secure management of personal information that is stored both digitally and physically. Here are two often overlooked aspects of compliance that you should review in order to create a comprehensive WISP and comply with the data security regulations.

1. Store and Dispose of Information Safely

Your company’s WISP should outline procedures for the safe storage of individuals’ personal information. Written information should be kept in locked cabinets, and digital information should be password protected. You also need to include provisions for how your company disposes of sensitive information. Rather than simply throwing out sensitive materials, they need to be destroyed or shredded. Digital storage devices also need to be destroyed. If you’re looking for help with hard drive destruction in Boston, MA, you should choose a company that can come onsite so that sensitive material never has to be moved offsite.

2. Send Information Securely

Emails that contain personal information should be encrypted to help ensure that the information doesn’t fall into the wrong hands and isn’t mistakenly viewed by the wrong addressee. Many medical care providers who already follow HIPAA compliance rules may be familiar with this type of electronic correspondence, but companies in other fields may need some extra time and effort to get accustomed to encrypted email. Some people who struggle with sending and receiving encrypted emails consider faxing to be a preferable alternative. Others find faxing to be an outdated and inconvenient form of communication that may in fact increase the probability of information being lost, either in transmission or once it has been received in an office setting. It’s important to note that using a fax-to-email program does not let you substitute a fax for an email: it triggers the same data security requirements as regular email.