MA Privacy Laws

Frequently-Asked Questions About MA Privacy Laws

After several revisions, the state of Massachusetts has finally released guidelines for employers handling confidential information. These guidelines are some of the most far-reaching and stringent in the nation, and they impact all employers in MA, or doing business in MA, so understanding the details is critical.

 

Q. When does the law go into effect?
A. The law goes into effect March 1, 2010.

Q. Hasn’t the state already issued regulations concerning data security?
A. There were regulations enacted prior to this, but each time those were enacted, they were rescinded. The new law is “finally final.”

Q. What is confidential data?
A. The law defines confidential information as any combination of an individual’s first initial, last name and Social Security number, credit card number, or other financial account number. This data can be in electronic or hardcopy format.

Q. Who is covered by the new law?
A. All persons, including corporations, that might be in possession of confidential information for ANY MA resident are required to adhere to the regulations. If you are a corporation based in California, but you have entities in MA, you are required to comply.

Q. What are we required to do?
A. Any organization covered under the law must have a WISP (written information security policy) that defines, in part, what confidential data they maintain, how that data is secured, how it’s destroyed, and who is responsible for maintaining the policy. There’s more to it, of course, but these are the basics.

Q. What about vendors, such as Corporate Cost Control, that store our confidential data?
A. All covered entities must have, as part of their contract with a third-party provider, a written acknowledgment that the third-party provider’s security policies meet the MA requirements. It is assumed that any existing contract with a third party is in compliance until March of 2012. Any new agreements, however, must have this stipulation.

Q. Is Corporate Cost Control prepared to comply with the law?
A. Absolutely. CCC has a comprehensive security policy that meets all the requirements of the new law.

Q. What else does CCC do to keep data secure?
A. CCC’s DataCenter is a secure facility located in St. Louis, MO and monitored 24 x 7. Data files are encrypted, and user access is carefully controlled. We also make available an easy-to-use secure email system for clients that communicate via email.

Q. Where do we go for more information?
A. The Associated Industries of Massachusetts (AIM) maintains a list of information on the new regulations at the Data Security Web Resource. And, of course, you can always contact your CCC Account Executive for more information, or reach us through the web.


