As the deadline for compliance with the Massachusetts Data Security Law approaches (March 1st is now two weeks away), many businesses are undoubtedly looking at the new burdens that are being thrown at them and wondering if it’s necessary.  Perhaps the Massachusetts legislature got bored one day and decided to inconvenience businesses by requiring them to write information security policies and implement safeguards.  Maybe they have friends in the encryption or consulting industries.  But a recent report has given further evidence to what many already knew:  Identity theft is a growing problem and businesses that handle people’s sensitive information should make efforts to make sure that if this data is stolen, they are not the ones responsible for it.

A research group concluded there were over 11 million US identity fraud victims in 2010, a 12-percent increase perhaps caused by bad economic times (hat tip to the ISMG).  Surprisingly, over two-thirds of this crime was executed using non-technical methods, emphasizing that identity theft prevention is not specifically an IT burden.  This growing crime cost victims $54 billion in 2010.  By comparison, ID theft victims lost three times what all of Bernie Madoff’s victims lost during Madoff’s entire career.

GraVoc Associates, Inc’s information security team, which has worked primarily with the highly-regulated financial services industry in the past, has begun to work with non-financial clients with Massachusetts Data Security Law (M.G.L. 93H or 201 CMR 17.00) compliance services.  A free on-demand webinar has been recorded and distributed to existing GraVoc clients, and will be made available on later on this week.  The standards required by this law, while they are not nearly as aggressive as they were when originally penned, can require a lot of work, and many businesses have gone to GraVoc for advisory and help with compliance with this law.

GraVoc Associates, founded in 1994, provides a wide range of solutions in the fields of information security, information systems, and professional services.  The GraVoc News Blog has been following developments regarding the Mass. Data Security Law since the blog’s inception in 2008, and you may find value in perusing the archives for more information.  For additional information about GraVoc’s services in all three fields, we strongly encourage you to browse