That’s the number of records involved in security breaches in the US since January 2005, according to the Privacy Rights Organization. In reality, we believe that number should be much higher because many cases of exposed records are unknown or just not reported.
Just last week the Educational Credit Management Corp in St. Paul, MN reported that personal information (names, addresses and social security numbers) for about 3,000,000 borrowers was stolen. It has since been recovered, but who knows how many people copied the data before the physical CDs were found.
Security breaches like this have prompted states to enhance their data security protection laws. The law with the most force? Massachusetts 201 CMR 17.
MA 201 CMR 17’s Unique Requirements
- Identify Risks: Businesses that have MA employees or clients/investors must identify and assess internal and external risks to personal information (PI).
- Inventory Location of PI: Find where PI is stored, including electronic, paper and other records, as well as on laptops and mobile devices.
- Encrypt Hardware and Data Transmissions: Firms must encrypt all files and records containing PI that are transmitted over public networks. Plus, the reg. requires the encryption of information stored on laptops, flash or USB drives and wireless mobile devices.
- Oversee and Obtain Written Guarantees of Adherence from Third-Parties: You have to ensure that your third-party service providers are also compliant with 201 CMR 17.
- Routinely Evaluate and Adjust Program: This isn’t a case of set-it and forget-it. You’ve got to monitor the security programs and make sure the scope matches your business and risk profile.
What’s at Stake?
Violators of 201 CMR 17 will face stiff monetary penalties – as much as $5,000 per violation – as well as the less calculable effects surrounding a business’ reputation.