Does My Business Need To Comply With 201 CMR 17.00?
All businesses and other legal entities that own, license, store or maintain personal information about a resident of the Commonwealth are required to develop, implement, maintain and monitor a comprehensive information security program applicable to any records containing such personal information. Personal Information will frequently be included in payroll records, employee and candidate HR files, student files, patient data, and certain consumer-related files.
What is Personal Information?
Personal Information (PI) is defined as a Massachusetts resident’s first and last name, or first initial and last name, along with one or more of the following:
- Social Security Number,
- driver’s license number or state-issued identification card number,
- financial account number, or
- credit or debit card number.
How Do I Know If My Company Is Compliant?
If You Answered No…
If you answered no to any of these questions, you’re not in compliance with Mass 201 CMR 17.00. Since ALL companies need to be in compliance, no matter the size of the organization, you’re technically in violation of this law. With the January 1, 2010 deadline long since passed, TBG Security can help your organization get a jump start on the requirements to become compliant. As a trusted advisor to your organization, TBG Security can guide you through the necessary actions to achieve compliance by the deadline.