Regulatory Compliance

Is Your Business Compliant?

Please note: Here at Monument Technology, we have expertise with HIPPA compliance and Section 508 requirements.  Please Contact Us for more information.

Massachusetts 201 CMR 17

In an effort to protect Massachusetts residents from the rising incidence of fraud and identity theft from data loss, the Commonwealth of Massachusetts has implemented aggressive regulatory requirements to protect personal information. The state now requires mandatory compliance with 201 CMR 17.00 - Standards for the Protection of Personal Information of Residents of the Commonwealth (also known as just 201 CMR 17, or the Massachusetts Privacy Law). Building on California’s landmark security regulation SB-1386, Massachusetts Privacy Law establishes a minimum standard to be met for the protection of Massachusetts residents’ personal information contained in both paper and electronic records. For the purpose of being compliant with the new Massachusetts data privacy law, personal information is defined as a resident’s first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to the resident:

• Social Security number
• driver’s license number or Massachusetts identification card number
• financial account number, or credit or debit card number, with or without any required security code, access                           code, personal identification number or password that would permit access to a resident’s financial account
     • a biometric indicator

The Massachusetts data privacy law has set a new level in state security laws by regulating both private and public sector entities that handle Massachusetts residents’ sensitive data, regardless of where that entity is located.

Here at Monument Technology Group, we will help you implement sound vulnerability management practices that ensure your entire infrastructure is protected from intruders, while guiding you step-by-step through the implementation of security controls required under Massachusetts Privacy Law 201 CMR 17. Contact us to find out more about how Monument Technology Group can help you incorporate the Massachusetts Privacy Law into your on-going security management program.