8/27/2009
06:30 PM
Randy George

Massachusetts Data Privacy Law Delayed, Again

We predicted this eventuality here, in this blog, 6 months ago. The MA Data Privacy law, touted by some as the most far reaching in the nation, is too unwieldy for small businesses to follow. However, the law is getting watered down a bit, making it more palatable for small businesses.

So let's suppose you run a small business, say fewer than 25 employees. Do you even have a formal IT department? Perhaps you do, but most likely you've outsourced your IT operations, and you only call them in an emergency because making payroll is stressful enough. Now imagine having to comply with a data security regulation that was originally conceived as a result of TJX, a company with millions of customers and millions of records of personally identifiable information (PII) within its data centers.

The question is, should your business be held to the same data security regulation as TJX? Thankfully, along with this second delay in the implementation of the new MA Data Privacy law, the original legislation has been amended to take a more "risk based" approach. What does that actually mean? Well, from what I can tell, the judiciary will have plenty of wiggle room when assessing your ability to comply with the wide range of requirements written into the legislation.

The new version of the law (201 CMR 17.00) seems more palatable for small business. Much of what is in the presently proposed legislation should already be happening, even within small shops: implementing a password policy, auditing permissions to data that contains PII, ensuring antivirus and anti-malware software is up to date, disabling the accounts of terminated employees, and so on. Those are tasks that clearly should not introduce additional burden on small businesses. The requirement to encrypt PII can get tricky for small businesses, but few will argue about the merits of forcing this requirement.

The state of MA will be holding a public debate on the bill on 9/22 in Boston. It should be an interesting spectacle. Perhaps this hearing will devolve into a health-care-like shouting match between big business and the legislature. I plan on going; stay tuned for more.
