What are 93H & 93I?
Massachusetts General Law 93H
93H requires all businesses in Massachusetts to take serious measures to prevent identity theft. Any business holding the name of a Massachusetts resident and their Social Security Number, Driver’s License Number, or financial account number (including credit or debit card numbers) is subject to this new Massachusetts data protection law.
What are you required to do?
The compliance standards for this new data protection law include the following:
A written comprehensive information security program (CISP).
Controls on employees’ access to sensitive information, including physical security safeguards, computer user access levels and user authentication protocols.
Security measures on computer information systems, including data encryption, anti-virus and anti-spyware software, and firewalls.
Periodic review of audit trails and monitoring of systems for unauthorized access.
Proper disposal of sensitive information, as outlined in new Massachusetts data protection laws.
Massachusetts General Law 93I
93I requires the shredding or destruction of any paper files containing sensitive information and the erasure or destruction of any electronic files or data storage devices containing personal information of employees or customers.
93I also requires a written policy regarding the disposal of sensitive information.
What are the penalties?
A violation of 93H carries fines of up to $5000 per record compromised.
A violation of 93I carries fines of up to $100 per record compromised, with a maximum of $50,000.
This does not take into consideration the loss of your company’s hard-earned reputation and the potential loss of credit.
Safeguard can help guide you through compliance. Call Sean at 508.795.1015 for a Free Assessment, email Sean at email@example.com or log onto www.safeguardrecords.com for industry-specific information.