Did you know that Massachusetts General Law Chapter 93H requires businesses to have a written WISP as part of the 201 CMR 17.00 regulations? Did you know these regulations went into effect on March 1, 2010? Do you know whether you are compliant with this regulation? If you answered “NO” to any of these questions, we suggest you continue reading and take action immediately if you have employees in the State of Massachusetts.
Do We Need to Comply?
The 201 CMR 17.00 regulations, more commonly known as the “Massachusetts Data Protection Act”, require that any company or person who stores or uses personal information (PI) about a Massachusetts resident develop a written, regularly audited plan to protect that information. Both electronic and paper records will need to comply with the new law.
What Is Personal Information (PI)?
The regulations apply to anyone possessing personal information about a Massachusetts resident and “establishes minimum standards to be met in connection with the safeguarding of personal information contained in both paper and electronic records”.
This law includes the following definition of personal information: a Massachusetts resident’s first name and last name or first initial and last name in combination with any one or more of the following data elements:
a) Social Security number that relates to such resident;
b) driver’s license number or state-issued identification card number; or
c) financial account number, or credit or debit card number, with or without any required security code.
How do we comply?
The regulations require that such individuals or business entities develop, implement, and maintain a comprehensive, written information security program.
For guidance on preparing a policy, please refer to the links below:
HR Knowledge, Inc. is Compliant and Protects Your Data
HR Knowledge, Inc.’s Written Information Security Program (WISP), its Information Security Policies & Standards, is intended as a set of comprehensive guidelines and policies designed to safeguard all sensitive data maintained at the company and to comply with applicable laws and regulations on the protection of Personal Information. To read HR Knowledge’s WISP, please click here.
This content is provided with the understanding that HR Knowledge is not rendering legal advice. While every effort is made to provide current information, the law changes regularly and laws may vary depending on the state or municipality. The material is made available for informational purposes only and is not a substitute for legal advice or your professional judgment. You should review applicable laws in your jurisdiction and consult experienced counsel for legal advice. If you have any questions regarding this advisory, please contact HR Knowledge at 508.339.1300 or email us at HR@hrknowledge.com.