If you own or license personal information about a resident of the Commonwealth, you should already be familiar (and compliant, as of March 1, 2010) with the Massachusetts Data Security Regulations, set by the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR).
While the Regulations themselves are best explained by Mr. Patrick Shea of HedgeOp Compliance in an earlier post on this blog, let's take a moment to look at practical approaches to meeting (and exceeding) the requirements outlined in the Regulations. I will focus my post on the technological aspects of the Regulations, but make sure you also address the non-technology pieces, including risk identification and assessment, employee training, maintaining proper documentation, etc.
I would like to introduce you to what I call the C.I.A. of your data: Confidentiality, Integrity and Availability. As a business owner or IT gatekeeper, you want to make sure that your data remains secure, accurate and readily available to your employees and investors. We will get back to data C.I.A. in a second.