Massachusetts Privacy Laws: New standards for Information security
Posted by Ben Foster on Mon, Sep 14, 2009 @ 10:14 AM
The state of Massachusetts recently approved new regulations to mandate privacy and security standards for all organizations that store, license, or own personal information regarding Massachusetts residents. This means that nearly every company within the state will be impacted by this law seeing that most companies obtain personal information from their customers on a daily basis. The specific information these regulations look to protect are individual's name and address combined with either their social security number, drivers license number or state issued identification number, and their complete credit/debit card numbers. Personally I know each time I order something online, I always get a little weary typing in the details of my debit card for potentially dangerous eyes to see. While internet users such as myself are undoubtedly aware of the risk involved in divulging personal information, the goal of these new regulations intend to minimize this risk as much as possible and keep consumer's minds at ease.
It seems the primary issue here is the start date for these new privacy laws. The original deadline for compliance was January 1st, 2009. However, on November 14th of 2008 the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) announced that the deadline would be extended to May 1st, 2009, only to be again postponed to January 1st, 2010. Just when we thought the extensions and prolonging of these regulations was done, it was recently announced that the deadline for companies to have full protection of their customer's private information would be pushed back yet again to March 1st, 2010.
These delays have myself and other weary internet users questioning these extensions. The most common excuse goes back to companies struggling to survive in this economy. Many bloggers have tried to rationalize this prolonging of regulations to the costs allocated with new software that is required to fully protect their consumers from internet predators. I tend to find that excuse being used all too often these days. For these companies it comes down to a question of ethics. Distributing funds to fully protect their customer's personal information should be of great concern. It's no surprise that the economy isn't what it used to be, but the truth is that internet usage has not been affected during this time. On the contrary, it's on the rise. Internet usage among low-income Americans (those who earn less than $20,000 a year) increased 40% from 2008-2009. It is clear that the internet has become a commonality to the everyday consumer, and the protection of their private information has never been more important than it is today. So enough with the delays, let's get these regulations installed.
I wouldn't be doing my job if I didn't mention the informative presentation being held by my employer, New England Data Services (NEDS), on September 23rd at the Dedham Country and Polo Club in Dedham, Massachusetts from 3:00-6:30 p.m. The guest speaker will be Robert Adelson, a respected Boston business attorney with experience in corporate tax and a vivid understanding of the new Massachusetts privacy laws.