Massachusetts Identity Theft Protection Services – 201 CMR 17 Compliance

Organizations of all kinds, both in Massachusetts and out, are required to comply with the new Massachusetts identity theft protection regulation (201 CMR 17). The regulation applies to “all persons that own, license, store, or maintain personal information about a resident of Massachusetts” and requires organizations to meet certain minimum safeguarding standards.

The 201 CMR 17 regulation requires organizations to have a Written Information Security Program (WISP) that describes how the organization implements the required administrative and technical controls defined in the regulation.

The WISP needs to describe:

  • Who is responsible for the program
  • How you assess and treat risks
  • That you maintain a security policy
  • That your staff is trained on and is aware of security practices
  • That you control accounts and access to the protected information
  • That you verify the security practices of partners with whom you exchange protected information
  • That you only keep data for the minimum time necessary
  • That you encrypt data appropriately
  • That you maintain the configuration and software on systems and networks where protected information resides and is transmitted
  • That you learn from incidents

This list may seem daunting. SystemExperts can help.

Whether your organization has some compliance experience or none at all, SystemExperts can help you build a security program that not only complies with the new 201 CMR 17 regulation but also improves your overall company security and helps prepare you for the inevitable series of regulations that will follow.

With its broad experience in compliance with other similar regulations like HIPAA, the PCI Data Security Standard, Gramm-Leach-Bliley, and the FTC’s Red Flag Rules, SystemExperts can help you develop a security program that fits the needs of your organization.

SystemExperts can help by:

  • Assessing the current state of your compliance with the regulation
  • Recommending cost-effective controls to meet the requirements of the regulation
  • Assisting in developing a Written Information Security Program (WISP)

Learn more about our Massachusetts Identity Theft Protection Regulation – 201 CMR 17 Compliance Services.

Contact SystemExperts to learn more about how we can keep you in compliance with Massachusetts Identity Theft Protection Regulation – 201 CMR 17.