…to paraphrase Bob Dylan. And I’m speaking about privacy and breach laws. It would seem that every other day we hear of another set of customer data being compromised at another company. It could be just a name and address, but it could also be a phone number, Social Security Number, bank account information, and more.
To this end, state and federal governments, and even governments of other countries, have started to enact regulations that not only give customers the ability to know what data has been collected, but also spell out what companies need to do in the seemingly inevitable event of a compromise. The latest such mandate comes from the state of Massachusetts, which has modified its Data Breach Notification Law.
These laws vary from state to state, but they all attempt to guide organizations by requiring them to perform a set of tasks in the case of a data compromise. The amended Massachusetts legislation was signed on January 10th, and takes effect beginning on April 11th, 2019. Here are some of the increased requirements that will be taking effect:
Given the coming changes, it would be wise to take a look at your company and its current security posture. Do you have a written information security program (WISP)? Do you have your own breach notification process, either on its own or as part of your incident response plan? Have you had a recent audit of your information security controls to test their effectiveness? Like a data compromise itself, these changes are not a matter of if, but when. It pays to be informed and prepared. Contact us today to learn how we can assist your organization in preparing for these upcoming changes!