We predicted this eventuality here, in this blog, 6 months ago. The MA Data Privacy law, touted by some as the most far reaching in the nation, is too unwieldy for small businesses to follow. However, the law is getting watered down a bit, making it more palatable for small businesses.
We predicted this eventuality here, in this blog, 6 months ago. The MA Data Privacy law, touted by some as the most far reaching in the nation, is too unwieldy for small businesses to follow. However, the law is getting watered down a bit, making it more palatable for small businesses.So let's suppose you run a small business, say less than 25 employees. Do you even have a formal IT department? Perhaps you do, but most likely you've outsourced your IT operations, and you only call them in an emergency because making payroll is stressful enough. Now imagine having to comply with a data security regulation that was originally conceived of as a result of TJX, a company with millions of customers containing millions of records of personally identifiable information within their data centers.
The question is, should your business be held to the same data security regulation that TJX should? Thankfully, along with this second delay in the implementation of the new MS Data Privacy law, the original legislation has been amended to take a more "risk based" approach. What does that actually mean? Well, from what I can tell, the judiciary will have plenty wiggle room when assessing your ability to comply with the wide range of requirements written into the legislation.
The new version of the law (201 CMR 17.00) seems more palatable for small business. Much of what is in the presently proposed legislation should already be happening, even within small shops. Things like implementing password policy, auditing permissions to data that contains PII, ensuring virus and malware software is up to date, disabling the accounts of terminated employees, etc.. Those are tasks that clearly should not introduce additional burden on small businesses. The requirement to encryption PII can get tricky for small businesses, but few will argue about the merits of forcing this requirement.
The state of MA will be holding a public debate on the bill on 9/22 in Boston. It should be an interesting spectacle. Perhaps this hearing will devolve into a health care like shouting match between big business and the legislature.
I plan on going, stay tuned for more.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.