How to comply with the Massachusetts Data Protection Law

March 30th, 2010 by

Many organizations across the state of Massachusetts, and organizations outside Massachusetts that collect, own or license personal information about a resident of Massachusetts, are struggling to meet the requirements of the new Data Protection Law (201 CMR 17.00), which came into force on March 1st this year.

If you fall into this category, or need to build a case for management buy-in, consider:
Massachusetts General Law, Chapter 93A, section 4 specifically authorizes the Attorney General to seek injunctive relief against the organization involved in the unauthorized act or practice. In addition, section 4 allows a court to impose a $5,000 civil penalty for each violation. If ‘violation’ is interpreted to mean the unauthorized access to a single individual’s personal information, the potential damages could be enormous.

Did you know? ISO/IEC 27001:2005 directly covers 95% of the 201 CMR 17.00 requirements without modification. With a few specific requirements added to support the prescriptive requirement to encrypt personal information, the 201 CMR 17.00 & ISO 27001 Toolkit provides a truly comprehensive solution!

201 CMR 17.00 & ISO 27001 Toolkit

“It’s good sense to avoid re-inventing existing wheels. Encourage cooperation by taking the guesswork out of… infosecurity and use template-based processes.”

Jay G Heiser, VP and research director at Gartner Research.

The 201 CMR 17.00 & ISO 27001 Toolkit includes nearly 400 densely packed pages of fit-for-purpose policies and procedures.

If you want to save months of work, avoid costly trial-and-error dead-ends, and ensure everything is covered to the current 201 CMR 17.00 / ISO 27001 standard, this toolkit is for you – buy it today!

Find out exactly what’s included and download today!
