MaaS360 by Fiberlink

Mass Data Protection Law: Start of a Trend?

by MaaS360 staff | March 01, 2010

On March 1st, 2010, the state of Massachusetts raised the bar for companies and their IT organizations by implementing tough legislation that requires new protections for customer data. Any organization that has customers located in Massachusetts will have to abide by 201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth, also known as the Mass Data Protection Law. This regulation applies to all organizations "who own, license, store or maintain personal information about a resident of the Commonwealth of Massachusetts."

This is a game changer in the security industry, as encryption will quickly become a requirement for all organizations that want to do business in the 3rd most densely populated state. Organizations that do not comply may, in the event of a data breach, be exposed to claims by the Massachusetts Attorney General, businesses and individuals under Massachusetts' consumer protection statute. Aside from class action lawsuits and audit costs, non-compliant organizations can also be charged up to $50,000 per incident for improper record disposal, with a maximum fine of $5,000 per violation of compliance standards. In the event of an attack, this could cost a company millions of dollars. When TJX was compromised in 2007, it cost them $250 million in just the first 12 months following the data breach. The Massachusetts state law, had it been in effect at the time of that breach, could have more than doubled this total.

Identity theft is a scary thing... It must feel good to be a Massachusetts resident and know that your state is looking out for your personal identity and holding organizations accountable. Expect other states to follow. Throughout history, Massachusetts has paved the legal road for many social issues, and shortly thereafter other states followed by enacting their own protections. We can be sure that regulations like this are not going away (for example, there’s Nevada's revamped encryption law, SB 227), and these regulations will continue to drive organizations to implement security standards and encrypt all data residing on their devices.

Deploying encryption software can strike fear in the hearts of IT organizations throughout the country that are already short of resources. "Companies needing to move quickly to implement data encryption should follow best practices and evaluate managed services that take advantage of cloud computing," says Mark Nafe of Checkpoint. Other "best practice" recommendations include:

  • Select the right technology based on your objectives. Full Disk Encryption tends to be more of a "set it and forget it" product line, which can enable organizations to move fast and gain compliance with this regulation. Other technologies allow you to pick and choose what to encrypt.
  • Plan the project and design the solution. Ensure you have the right people in place, and offset burden wherever possible by taking advantage of managed service providers with experience.
  • Prepare and configure the software. Be sure to test the software's configuration on any and all corporate images you manage to minimize potential install failure rates.
  • Remember everyone. Don't forget those users that do not frequently connect to the corporate network.
  • Track your rollout. Practice proactive management based on reporting and business intelligence. Watch for potential issues and proactively remediate where needed. Ensure that you have a reporting solution in place that will allow you to prove compliance with this regulation quickly and efficiently.

The key component of the Massachusetts Data Protection Law is this: "Encryption of all personal information stored on laptops or other portable device." With MaaS360 and Checkpoint, you can protect your devices, and prove it. To learn more about how this managed encryption service can help, click here and request a demo.
