June 22, 2017
It’s the Law – The Emergence of Written Information Security Programs (WISP) and How NBM Can Help You Comply

You have heard about the data breaches at TJ Maxx, Target, and Michaels, just to name a few companies. What many businesses do not realize, however, is that the same data security laws that apply to those big companies also apply to small businesses in Massachusetts.  It does not matter if you have 1 employee or 1000 employees, or if your revenue is ten dollars or ten million dollars: regardless of your size, your business must comply with Massachusetts data security laws, which require that you develop, implement, and maintain a comprehensive written information security program (“WISP”) to protect any personal information of customers, vendors, suppliers, or any other Massachusetts resident.

Personal information is defined under Massachusetts law as a Massachusetts resident’s first name and last name or first initial and last name combined with one or more of that resident’s: social security number, driver’s license number or state-issued identification card number, or financial account number or credit or debit card number.  Most (if not all) businesses handle customer credit cards, employee social security numbers, customer social security numbers, and other sorts of personal information in the course of their business, so it is very likely that the data security laws do apply to you.

The law requires that each business handling personal information of Massachusetts residents have administrative, physical, and technical safeguards in place to protect that information.  With regard to technical safeguards specifically, Massachusetts regulations go even further to require implementation of computer system and network security requirements if technically feasible, which the Massachusetts Office of Consumer Affairs and Business Regulation has interpreted to mean that if there is a reasonable means through technology to accomplish a required result, your organization must use it.  The bottom line is that the law REQUIRES that businesses invest in technology to secure their networks and computer systems and protect personal information in their possession.

At NBM, we understand that implementing appropriate computer system and network security can be overwhelming for organizations of all sizes, especially small businesses.  NBM’s Managed IT Services and cloud and software solutions will put you on the path to data security compliance so you can do what you do best: run and grow your business.  NBM can provide you with the technology that the law requires of you, including but not limited to: up-to-date firewall protection, up-to-date operating system security patches, up-to-date system security agent software including malware protection and patches and virus definitions, encryption programs, secure backup and disaster recovery, and consultations and training on secure user protocols, secure access control measures, and employee use.

Not only is appropriate computer and network security the law in Massachusetts, but it is equally good business practice and liability protection.  Reported data breaches in the U.S. in 2016 increased by over 40% from 2015.  NBM can help you no matter what your situation: whether you have a WISP, have a WISP but don’t follow it, or have yet to create a WISP.  Don’t be the next statistic; call NBM so we can assist your organization with compliance and data security today.

-Amie T. Geary, Esq.

Corporate Counsel, NBM