Archive for February, 2010

Massachusetts Data Protection Law 201 CMR 17.00

February 24th, 2010 rfernandez

Next week, March 1, 2010, Massachusetts will implement the most stringent data protection law in the nation.

Massachusetts Data Protection Law 201 CMR 17.00 will require businesses engaged in commerce to adopt written security policies and to encrypt the personal data of any Massachusetts resident that is stored or transmitted through the Internet or wirelessly. Personal information includes a combination of customers’ or employees’ names and their Social Security, bank account or credit card numbers. The key to this new law is that regardless of where your business is located physically or operationally, if you handle or store the personal information of any Massachusetts resident, you are legally obligated to protect that information.

This is the first data privacy law that allows a court to impose a $5,000 civil penalty for each violation. If a ‘violation’ is interpreted by a judge to mean the unauthorized access to a single individual’s personal information, the potential damages could be enormous. In addition to fines, failure to comply may expose your company to expensive audits and costly civil litigation.

If your organization owns or licenses personal information, then you need to ensure that this information is neither transmitted nor stored in clear text.

Check out the Boston Herald article, “State to firms: Protect data”.

Speaking at NAFCU Technology & Security Conference

February 19th, 2010 CLeffel

I will be speaking at the NAFCU 2010 Technology & Security Conference in Las Vegas next week.

The conference schedule is available here: http://www.bit.ly/aj3xQt

The extract for my speaking engagement is below… hope to see you there!

TITLE: Preventing Member Info Leaks 2.0 & Next Generation E-mail Encryption
EXTRACT: Credit union customer representatives have a mission to provide excellent service, but in their continuous efforts to excel in their assistance, they may be putting your organization at risk. They may be encouraged to reply to member emails via webmail programs, or they may interact with members on social media sites like Facebook or Twitter. In this discussion you will learn how data loss prevention (DLP) systems can monitor Web 2.0 traffic for member information and what controls are available to remediate potential information leaks.

-Chris

Categories: DLP

Video: Introduction to Data Loss Prevention

February 17th, 2010 CLeffel

In this video, I give a quick “chalk talk” about what data loss prevention is, and the two main things you should remember when purchasing a solution to prevent sensitive data from leaving your network.

Topics Covered Include:
* Basics of Data Loss Prevention
* What makes Data Loss Prevention solutions so accurate

Video on YouTube: Introduction to Data Loss Prevention

-Chris




Categories: DLP, Data Loss Prevention, Video