Enforcement of the Massachusetts Data Privacy Law

Compliance Building, August 30, 2011

It’s been almost 18 months since the Massachusetts Data Privacy Law went into effect. Belmont Savings Bank has become one of the first to be charged with violating the law. Belmont Savings Bank maintained personal information on an unencrypted backup data tape and then lost the tape. According to surveillance footage, the tape was likely discarded inadvertently by the overnight cleaning crew and sent to the incinerator.

There were several rounds of changes between the first version of 201 CMR 17.00 and the final one. One central element was the requirement that there be a written information security plan in place if your company has “personal information” on a Massachusetts resident. Obviously, you need to comply with the plan. In this case, Belmont Savings Bank had the plan, but failed to comply with it. The data tape should have been locked up overnight and not left on a desk.

http://www.compliancebuilding.com/2011/08/30/enforcement-of-the-massachusetts-data-privacy-law/
