As the deadline for compliance with the Massachusetts Data Protection Law (MGL 93H & 201 CMR 17.00) rapidly approaches, many companies will be looking for information on what they have to do in order to achieve compliance with the regulations that are more aggressive than the “game-chang[ing]” law passed in Nevada.
The part of the law that has garnered the most attention is its emphasis on encrypting personal information. For the sake of reference, the encryption-related requirements are printed below:
- “To the extent technically feasible, encryption of all transmitted records and files containing personal information that will travel across public networks, and encryption of all data containing personal information to be transmitted wirelessly.”
- “Encryption of all personal information stored on laptops or other portable devices.”
Source: Mass.gov
Simply stated, encryption is a technical provision that makes it very difficult for an unauthorized individual to access electronic information. Encryption is especially important with email transmission (in the case that the email is intercepted over a public network) and with portable devices such as laptops, PDAs, and flash drives (which are easily lost or stolen).
Peabody, MA-based GraVoc Associates, celebrating fifteen years of business in Greater Boston, New England, and beyond, understands that the encryption standard especially is an unusual burden for businesses that don’t typically have to concern themselves with detailed information security governance. GraVoc’s information security personnel have been following the evolution of the Massachusetts Data Protection Law for several months, demonstrating their commitment to help both new and existing clients comply with this challenging law with appropriate procedures and products. For more information about MGL-93H services, as well as more information about GraVoc’s services in their other practices of information systems and financial and professional consulting, please visit GraVoc.com.