Software // Information Management
Commentary
8/27/2009
06:30 PM
Randy George
Randy George
Commentary
Connect Directly
LinkedIn
RSS
E-Mail
50%
50%

Massachusetts Data Privacy Law Delayed, Again

We predicted this eventuality here, in this blog, 6 months ago. The MA Data Privacy law, touted by some as the most far reaching in the nation, is too unwieldy for small businesses to follow. However, the law is getting watered down a bit, making it more palatable for small businesses.

We predicted this eventuality here, in this blog, 6 months ago. The MA Data Privacy law, touted by some as the most far reaching in the nation, is too unwieldy for small businesses to follow. However, the law is getting watered down a bit, making it more palatable for small businesses.So let's suppose you run a small business, say less than 25 employees. Do you even have a formal IT department? Perhaps you do, but most likely you've outsourced your IT operations, and you only call them in an emergency because making payroll is stressful enough. Now imagine having to comply with a data security regulation that was originally conceived of as a result of TJX, a company with millions of customers containing millions of records of personally identifiable information within their data centers.

The question is, should your business be held to the same data security regulation that TJX should? Thankfully, along with this second delay in the implementation of the new MS Data Privacy law, the original legislation has been amended to take a more "risk based" approach. What does that actually mean? Well, from what I can tell, the judiciary will have plenty wiggle room when assessing your ability to comply with the wide range of requirements written into the legislation.

The new version of the law (201 CMR 17.00) seems more palatable for small business. Much of what is in the presently proposed legislation should already be happening, even within small shops. Things like implementing password policy, auditing permissions to data that contains PII, ensuring virus and malware software is up to date, disabling the accounts of terminated employees, etc.. Those are tasks that clearly should not introduce additional burden on small businesses. The requirement to encryption PII can get tricky for small businesses, but few will argue about the merits of forcing this requirement.

The state of MA will be holding a public debate on the bill on 9/22 in Boston. It should be an interesting spectacle. Perhaps this hearing will devolve into a health care like shouting match between big business and the legislature. I plan on going, stay tuned for more.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.