
Warning: The Commonwealth Of Massachusetts Has Just Enacted A New Law That Directly Affects You As A Business Owner

Read on to learn about Privacy Regulation 201 CMR 17 and how you could end up paying huge fines and penalties if you don’t prepare now.

On September 19, 2008, the Commonwealth of Massachusetts passed regulation 201 CMR 17 in support of M.G.L. c. 93H, which had been enacted a year earlier to establish a framework for the safeguard of personal information of residents of the Commonwealth of Massachusetts. This new regulation goes into effect on March 1, 2010, just over a month away!

This new law will affect every business that stores, uses, or collects personal information from customers or employees such as personal credit cards, social security numbers, and other personal information (even birthdays!).

I also want to point out that this law will affect ALL businesses and ALL industries, even if they aren’t based here; if you have customers who LIVE in Massachusetts, you are liable.

What is the definition of personal information?

According to the new law, Personal Information is a Massachusetts resident's first and last name or first initial and last name in combination with any one or more of the following:

  • Social security number
  • Driver's license number or state-issued identification card number
  • Financial account number, or credit/debit card number

How does this new law affect you?

Depending upon your firm's existing security policies and procedures, 201 CMR 17 may affect the way that your company stores customer and employee information as well as the way you exchange information with vendors and customers. There is no minimum business size: every business that holds this information must comply with these new laws. But no matter how you currently store this information, you must complete a Written Information Security Plan, or WISP.

How do you create a WISP?

Depending on the size of your organization and the collection, use and storing of personal information, your company must be prepared to comply with a variety of new procedures that may impact how you do business.

We have developed a comprehensive package of guidelines, templates and critical information, which we call our Compliance Kit. This kit will enable your business to comply with these new regulations. We also offer different levels of service to accompany that Kit, from a webinar that walks you through the process, to a service that includes one of our consultants walking you through the entire process.

Is your business ready for 201 CMR 17?

Go through this short checklist to see if you can answer “Yes” to all of these questions. If you can’t, you are in violation of this new law.

  • Network Access and Passwords: Do you have a documented and enforced password policy to regulate access to sensitive client data that resides on your computer network? Do you restrict access to this sensitive information to employees on a “Need to Know” basis? Or are you wide open? Are you sure your firewall, antivirus, and anti-malware software are functioning properly and updated regularly?
  • Does Your Company Have a WISP? WISP stands for "Written Information Security Plan". If you don’t have a WISP, you are in violation of this law. This comprehensive plan establishes the policies and procedures necessary to ensure the protection of your customers’ or clients’ Personal Information.
  • What Happens When an Employee is Terminated? Is there a procedure in place that properly restricts a terminated employee from gaining access to your client files?
  • What is Your Disposal Procedure for Personal Information? Do you properly dispose of sensitive data and personal information when it is no longer appropriate to store this information?
  • Do You Encrypt Email That Includes Personal Information? Do you encrypt email that contains sensitive information (i.e., a first name or initial with last name combined with a social security number, driver's license number, state-issued ID card number, credit card, debit card or financial account number)?

Failure To Comply With This New Law Will Cost You In The Following Ways:

  • $100-$50,000 in fines for EACH instance of improperly disposing of personal information.
  • Lawsuits from those affected that may include triple damages including attorney’s fees and legal costs.
  • Loss of trust with your customers and a PR nightmare. If you get nailed for NOT protecting your customers’ information, this will devastate the trust you have with your customers.

How Alpha NetSolutions can help you with 201 CMR 17 compliance

For the last nine months, we have been following all the legislative announcements related to these new laws, and now we’ve put together a comprehensive set of offerings to help you address 201 CMR 17.

Compliance Kit - $149

The heart of our solution is our Compliance Kit. Each of our offerings comes with this Compliance Kit, which includes a USB key containing the following:

  • Network Preparedness Guide – A guide to preparing your network to comply with 201 CMR 17
  • Compliance WISP Template – Form driven template to help you get your WISP written
  • Licensing Agreement – Covers your rights with regards to our templates
  • 201 CMR 17 Third Party Compliance Contract Template – to send to your vendors
  • TrueCrypt Setup.exe and Instructions – This will allow you to password protect & encrypt USB drives
  • 7-zip setup.exe and Instructions – this will allow you to password protect & encrypt ZIP files
  • Tmeec.exe – a 30-day trial of Trend Micro Email Encryption Client with Outlook Integration
  • A copy of MGL c.93H, the law covering security breaches
  • A copy of MGL c.93I, the law covering disposition and disposal of records
  • A copy of 201 CMR 17.00
  • A copy of the Commonwealth’s Small Business Guide for Formulating a Comprehensive WISP
  • A copy of 201 CMR 17.00 Checklist
  • A copy of 201 CMR 17.00 FAQ

Our Compliance Kit also includes the following BONUS material related to the Federal Trade Commission’s Identity Theft/Red Flag Rule:

  • A copy of the FTC’s How-To Guide for the Red Flag Rule
  • The FTC’s Red Flag Rule FAQ
  • The article from the FTC: “The “Red Flags” Rule: Are You Complying with New Requirements for Fighting Identity Theft?”

Bronze Offering - $299 now $249 until 1/31/10!

Our Bronze Offering includes our Compliance Kit and attendance at one of our webinars, a 2-hour event that will introduce you to this regulation and walk you through the basics of getting your WISP written. This is a good choice if you are just looking for a jump start on getting your WISP done.

Silver Offering - $899 now $699 until 1/15/10!

Our Silver Offering includes our Compliance Kit and a half-day seminar at your office, for attendance by anyone at your company who routinely handles personal information. This seminar will cover everything in the Bronze Webinar, but will also address specific considerations for your company. Hard copy materials for up to 10 attendees will be included. We will perform an evaluation of your Network Security Preparedness. We will also provide 30 days of phone support while you put together your plan, and review your final plan. This is a good choice if you have more complex needs, or just want to have an expert assist you in meeting the regulatory compliance requirements.

Gold Offering – Please Call for Pricing

Our Gold Offering includes our Compliance Kit, a half-day seminar at your office (as described in the Silver Offering), an evaluation of your Network Security Preparedness, and hands-on participation in the creation of your WISP (both onsite and remotely), utilizing both our staff and a lawyer well versed in Data Security Law. This offering covers any assistance you need to get your WISP completed by the March 1st deadline. If you’re feeling overwhelmed by the whole concept, or if you are especially exposed by this law (if you have a large retail operation, for instance), this option is probably your best choice.

Our 30-Day Money Back Guarantee

If you aren’t 100% satisfied with our Compliance Solution, we will do everything we can to address any issues you have with our Kit. If you still aren’t completely satisfied, we will give you your money back.

Join Our Many Satisfied Clients

Many of our clients have already taken advantage of our initial offering; here’s what they have to say about our Compliance Kit:

“A very comprehensive look at Federal and State requirements for identity protection with a few eye opening facts. The WISP is easily created with the supplied materials. The Kit is a comprehensive resource for meeting the requirements of 201 CMR 17.” --Dave Babineau, Central Coating

“Tim was very knowledgeable and well spoken." --Darlene Theriault, Netstal Machinery
“Good job getting us through some painful legalese.” --Mike Dunbar, LR McCoy

You Have To Hurry And Order Your Solution Now!

We’ve got less than five months left before the March 1st Deadline for compliance. We are approaching you now, to make sure that we can assist all of our clients with this critical task. To encourage you to act quickly, we have reduced our pricing on our consulting solutions. But to get these reduced prices, you have to ACT NOW!

Remember, this offer won’t be around forever. If you do not order by the date specified, you’ll miss these discounted rates, since our prices will be going up on 1/16. Also, there will be NO GUARANTEE that we’ll have the ability to provide either the Silver or Gold Offerings after 1/31 – we may be booked up right to 3/1 with appointments from this initial, discounted offer. So act today!


Sincerely,


Tim Shea, CEO
Alpha NetSolutions, Inc.
