MPICA (Massachusetts Personal Information Compliance Assessment) is an IT support
service that NSK Inc
is offering to businesses that need to comply with the Massachusetts General Law Chapter 93H and its new regulations 201 CMR 17.00. The law requires that any companies who own, license, store, and/or maintain personal information about a Massachusetts resident make adjustments to further protect personal information. Both electronic and paper records will need to comply with the new law. The regulations go into effect on January 1, 2010. The law was originally supposed to go into effect on January 1, 2009, but then was pushed to May 1 and then January 1, 2010 due to the state of the economy, time restraints, and confusion about the law.MPICA
offers IT help
to companies who are having difficulty making changes in their systems to adjust to this law. Identity theft and fraud are the major concerns at the core of the implementation of the 201 CMR 17.00, so it is important that the necessary changes are made within business IT systems. If a Massachusetts resident's information is leaked or captured, there could be serious consequences for the business that allowed the breach and for the individual whose information was leaked. Therefore, making changes to keep residents' information secure will be required to avoiding security breach and fines.
Companies will need a written security plan to safeguard their contacts' and/or employees personal information. It will need to be illustrative of policies that demonstrate technical, physical, and administrative protection for residents' information. The plan needs to be written to meet industry standards. Companies will have to designate employees to oversee and manage security procedures in the workplace, as well as continuously monitor and address security hazards. Policies addressing employee access to and transportation of personal information will need to be developed, as well as disciplinary measures for employees who do not conform to the new regulations. Limiting the collection of data to the minimum that is needed for the purpose it will be used for is also part of the new regulations.
Since revisiting workplace data security procedures requires in-depth changes, this is a lengthy process. It takes months for businesses to make the necessary changes required by this law, so businesses might consider starting early at contacting an IT consulting
firm and seeking its IT support
Written by Melissa Cocks