Massachusetts Privacy Protection Law 201 CMR 17.00, which goes into effect March 1, 2010, does not specifically call for the encryption of fax transmissions, nor does it specifically mention how fax transmissions should be handled. With that said, the intention of the law was NOT to exempt fax transmissions of personal information (PI) from consideration when creating a Comprehensive Information Security Program (CISP). A couple of sections in the regulations do refer to the transmission of PI, so one could reasonably assume that the Commonwealth would have you consider these sections when setting your organization's policy on the handling of fax transmissions containing PI.
Don’t forget about the paper!
There’s been a tremendous amount written lately about how to prepare for the upcoming March 1 deadline for compliance with Massachusetts 201 CMR 17.00. Almost everything I’ve read has focused on the electronic aspect of the regulation with little or no attention paid to how an organization will change the way they handle paper containing personal information. Just as a reminder, the intent of 201 CMR 17.00 is to establish minimum standards to be met in connection with the safeguarding of personal information contained in both paper and electronic records.
Sounds a little like Chicken Little running around saying “the sky is falling, the sky is falling”. However, the clock is ticking off precious minutes as your organization races to meet the compliance deadline for 201 CMR 17.00. If your organization has been holding out for another extension from OCABR, then I’m afraid you’re out of luck. March 1, 2010 is the drop-dead date for compliance.
We’re happy that President Barack Obama picked Howard Schmidt to serve as National Cybersecurity Coordinator. Schmidt’s experience on both the public and private-sector sides of the security fence, along with his dedication and decision-making skills, make him a great choice. Good luck, Howard!
About
This is the TBG Security Blog. Here you'll find news and information about IT Security. At TBG Security we’re agnostic when it comes to products, so you can be assured that the opinions posted here are not tainted by any vendor endorsements. These are simply our thoughts and insights on the world of information security as we see it.
