A hot-button issue in information security right now is “personal identifiable information,” especially as the May 1st deadline for Massachusetts General Law 93-H (also known as the Massachusetts Data Protection Law) approaches. The law states that any business possessing “personal information” of any Massachusetts resident, including customers, employees, and the like, is required to have a comprehensive information security program, among other provisions outlined in GraVoc’s MGL 93-H quick link.

Personal identifiable information, as defined in MGL 93-H is a resident’s first name and last name or first initial and last name along with:

  • The person’s social security number.
  • The person’s driver’s license or state-issued identification card number.
  • The person’s financial account number, with or without any access codes or passwords that provide access to the person’s financial account.

In other fields, including forensics, personal identifiable information is defined with a broader scope; this definition is strictly for the purposes of MGL 93-H governance.

The quick link available above describes the range of services GraVoc can provide to help your business comply with MGL 93-H. However, the most popular service as of this point is the personal identifiable information (PII) inventory, where GraVoc professionals conduct interviews with your business’s personnel, determining where PII is collected and how it is stored both electronically and physically.

Based in Peabody, Massachusetts, GraVoc Associates, Inc. is celebrating its fifteenth anniversary helping small businesses and financial institutions find solutions in the fields of information security information technology, and beyond. To learn more about GraVoc’s services regarding MGL 93-H compliance, please consult the new https://www.gravoc.com/ or call GraVoc’s office at 978-538-9055.