Tuesday, June 18, 2013

Regulations/Security Breach

In a previous email I asked about state regulations that you are impacted by that don’t make sense. I received about 20 responses and many of the regulations noted were local and not state. I also received comments on regulations that were created legislatively and therefore cannot be changed administratively.

What I also heard was that there is a lot of fear of retribution from the state if you speak out. I certainly understand this and am not sure how to get around it. I once held a meeting with Cal OSHA consulting, and no one except me would have the meeting in their office for fear of retribution from OSHA.

I see this as a real problem, not just with regulations: any time you question government actions, there is fear. This is really sad.

In a previous email I mentioned that Massachusetts had passed a law regarding data breaches. Some of you have asked what the law is. Please see the links below, which provide information about the Mass law.

Article: http://insurance321.com/cyber-liability-insurance-need-on-the-rise-for-massachusetts-companies

Article: http://www.dfmurphy.com/news/Do-you-comply-with-Mass-Personal-Information-Protection-Laws

Article: http://www.lexology.com/library/detail.aspx?g=9523804c-67ab-4e68-a09f-658afd17ff93

Please see below a short description of the Mass law. In the coming years I believe you are going to see more of these laws passed around the country. For your own benefit and the benefit of your customers, take this seriously and make sure you have protections in place. As before, if you want a checklist of simple protections you can implement in your company, let me know and I will send you the list I have put together.

Massachusetts is one of more than 45 states and US territories to enact personal information data breach notification statutes and regulations. These state schemes join multiple federal regulatory schemes requiring comprehensive data security programs. On March 1, 2010, regulations promulgated by the Massachusetts Office of Consumer Affairs and Business Regulation went into effect requiring the implementation of written information security plans as well as administrative, technical, and physical safeguards by businesses in possession of personal information of any Massachusetts resident, regardless of the business' location.

Civil litigants and regulators are poised to enforce statutory and regulatory standards using contractual, consumer data and identity protection, and common-law claims that present tremendous financial exposure to companies possessing protected personal information. This exposure includes possible claims for remedial costs to address a breach, as well as increased monitoring expenses, civil and/or criminal penalties, consumer class actions and, in some cases, exemplary and/or statutory multiple damages claims. High defense costs and potential loss of business relationships and revenue compound the exposure.

Scott Hauge


Small Business California

2311 Taraval Street

San Francisco, CA 94116
