Busted! The Massachusetts Data Protection Law

When Massachusetts passed its groundbreaking data security law last year, the IT world had mixed responses. Some said it's too tough for most businesses to get into compliance; some said it was a case of too little, too late in light of some highly publicized breaches (ahem, TJX anyone?); and some wondered how enforceable the law would be and whether the punishments would be enough to enforce secure data protection. On March 28, 2011, the Massachusetts Attorney General put the spotlight on a restaurant group with a lackadaisical approach to keeping its customers’ credit card information secure. The group is on the hook to the state of Massachusetts for $110,000. Click here to read more about the judgment.

While the Massachusetts law only covers companies doing business with Massachusetts residents and handling their sensitive personal information, all businesses should hold a mirror to their data protection standards. I should note that this breach actually occurred prior to the big Massachusetts regulation last year, and the suit was actually filed under the Consumer Protection Act. However, after 2 years the group still had not properly secured its IT systems, and the final judgment dictated that it must get compliant and have a Written Information Security Program (WISP).

So, do you have your WISP yet?  ;)

Greg Williamson
