Massachusetts Privacy Protection Law 201 CMR 17.00, which goes into effect March 1, 2010, does not specifically call for the encryption of fax transmissions, nor does it specifically mention how fax transmissions should be handled. With that said, the intention of the law was NOT to exempt fax transmissions of personal information (PI) from consideration when creating a Comprehensive Information Security Program (CISP). There are a couple of sections in the regulations that do refer to the transmission of PI and therefore, one could reasonably assume, that the Commonwealth would have you consider these sections when considering your organizations policy around the handling of fax transmissions containing PI.
Don’t forget about the paper!
There’s been a tremendous amount written lately about how to prepare for the upcoming March 1 deadline for compliance with Massachusetts 201 CMR 17.00. Almost everything I’ve read has focused on the electronic aspect of the regulation with little or no attention paid to how an organization will change the way they handle paper containing personal information. Just as a reminder, the intent of 201 CMR 17.00 is to establish minimum standards to be met in connection with the safeguarding of personal information contained in both paper and electronic records.
About
This is the TBG Security Blog. Here you'll find news and information about IT Security. At TBG Security we’re agnostic when it comes to products, so you can be assured that the opinions posted here are not tainted by any vendor endorsements. These are simply our thoughts and insights on the world of information security as we see it. .
Categories
Archive
Most recent entries
- Are Fax Transmissions Covered Under 201 CMR 17.00?
- 201 CMR 17.00 About To Be Enforced?
- PCI DSS v2.0 - Sneak Peak Revealed
- Getting Ready For 201 CMR 17.00
- The 201 CMR 17.00 Compliance Deadline of March 1, 2010 Is Rapidly Approaching.
- Obama makes the right choice with Howard Schmidt appointment.