Goodwin Procter has published a client alert describing the amendments to the Massachusetts Data Privacy Law (my posts on this topic). They detail three changes. First is pushing bck the complaince deadline to January 1, 2010. Second, theyhave lifted some of the contract amendments and certifications from vendors. Third, they clarified the wireless encryption requirement. … Read more »
Category: Privacy
Massachusetts Amends and Extends Its Data Privacy Law
According to this press release from the Massachusetts Office of Consumer Affairs and Business Regulation, they have once again extended the deadline for complying the with the regulations. Now the regulations will take effect Jan. 1, 2010. I have not had a chance to analyze the differences yet, but here are the amended regulations under … Read more »
Data Breach Costs $202 per Customer Record
PGP Corporation and Ponemon Institute issued their fourth annual U.S. Cost of a Data Breach Study. The study examined 43 organizations across 17 different industry sectors with a range of 4,200 to 113,000 records that were affected. According to the report, data breach incidents cost U.S. companies $202 per compromised customer record in 2008, compared … Read more »
Decoding the Science of Compliance — Are you Ready for 201 CMR 17.00?
Compliance Week broadcast a webcast on the new Massachusetts data privacy regulations: Decoding the Science of Compliance — Are you Ready for 201 CMR 17.00? (and sponsored by Iron Mountain). Garry Watzke, Esq., Senior Vice President Legal & Business Development at Iron Mountain, Inc. started with the basics which I have noted in several other … Read more »
International Data Privacy Day
January 28, 2009 is International Data Privacy Day. [Intel’s Collection of data privacy materials]. The United States, Canada, and 27 European countries will celebrate Data Privacy Day together for the second time. One of the primary goals of Data Privacy Day 2009 is to promote privacy awareness and education among teens across the United States. … Read more »
Data Breach at Heartland Payment Systems
Heartland Payment Systems (HPY) disclosed that intruders hacked into the computers it uses to process 100 million payment card transactions per month for 175,000 merchants. The company said it couldn’t estimate how many customer records have been compromised, but said the data compromised include the information on a card’s magnetic strip that could be used … Read more »
The New Massachusetts Data Security Regulations
Goodwin Procter sponsored a webinar on the new Massachusetts date security rules Lynne Barr Deb Birnbach Agnes Bundy Scanlan David J. Goldstone Jacqueline Klosek Deb pointed out that you may now need to collect the state of residence of the client to figure out if they are in Massachusetts. That may have the perverse effect … Read more »
Bingham Presentation on Massachusetts Data Security Law
Bingham McCuthen LLP put together a panel presentation on the Complying with Massachusetts New Data Security Regulations. Mark Robinson, a partner at Bingham, started with an introduction of the law and panel. He called the law “perilous.” Beth Boland, a partner at Bingham, went through the requirements of the new law. OCBR and the business … Read more »
New York Social Security Number Protection Law
The New York Social Security Number Protection Law went into effect on January 3, 2009. Under New York Labor Law §203-d: Employers may not, unless otherwise required by law: 1. Publicly post or display an employee’s SSN; 2. Visibly print a SSN on any ID badge or card, including time card; 3. Place a SSN … Read more »
AICPA’s Generally Accepted Privacy Principles
The AICPA and Canadian Institute of Chartered Accountants formed a privacy task force and developed the ten principles of the Generally Accepted Privacy Principles: Principle 1: Management The first principle of the Generally Accepted Privacy Principles (GAPP) is Management. This principle requires that the entity define, document, communicate, and assign accountability for its privacy polices … Read more »