T Minus 10,080 Minutes and Counting.....

Monday, February 22, 2010

T Minus 10,080 Minutes and Counting.....

We have just one week to go before all entities that own, store, license -- or basically do anything with -- personal information of Massachusetts residents must comply with the Commonwealth's new data security regulations. Things to consider:

Have you done your risk assessment? Looked at what you collect and how you collect and how it is transmitted through and outside your organization?
Have you reached out to service providers that may have access to PI of your employees/customers?
Is your written information security plan in place, or at least have you started pulling together the various policies and processes ("P&P") that would make up a "written information security plan"? Is the plan tailored to your actual P&P and, thus an accurate representation of what your business really does (and not a template with [insert company name here])?
Have you thought about employee security awareness training?

About The Editor and Contributors

Cynthia Larose is a member in Mintz Levin's Corporate Group and leads our Privacy and Security practice. She is a Certified Information Privacy Professional, working with clients in various industries to develop comprehensive information security programs on the front end, and providing timely counsel when it becomes necessary to respond to a data breach. For Cynthia's complete Biography, visit Mintz Levin corporate website here

Contributors

Dianne Bourque - Bio

Elissa Flynn-Poppey - Bio

Haydon A. Keitner - Bio

Lance Kurata - Bio

Kevin M. McGinty - Bio

Jennifer Rubin - Bio

Julia Siripurapu - Bio

Michael S. Arnold - Bio

Disclaimer

I am a lawyer having a professional obligation to remind readers that my posting and participation in this Blog does not constitute a solicitation for employment or legal advice; however, what I write may constitute attorney advertising in some jurisdictions requiring a cautionary reminder that prior results do not guarantee a similar future outcome. In that regard, please note that I am licensed and authorized to practice law only in the District of Columbia and the States of Massachusetts and New Hampshire. Communications through this Blog, whether posted or made through a private email to me, will not create an attorney-client relationship and, therefore, do not post on the Blog, or send me or anyone else through this Blog, secret or confidential information because such communications will not be entitled to protection by the attorney-client privilege. Finally, given the nature of a Blog, involving commentary and spontaneous thought that could change after reflection or further developments, I make no warranty or guarantee as to the accuracy, completeness or adequacy of information posted by anyone on this Blog, including me. Any opinions expressed in this Blog are solely the opinion of the author and not of my law firm or anyone else associated with my law firm.

Monday, February 22, 2010