New Data Regulation Law 201 CMR 17.00

Presentation Transcript


  1. New Data Regulation Law 201 CMR 17.00

  2. TJX Video

  3. Minimum Requirements
     • Secure access control measures
     • Secure user authentication protocols
     • Monitoring for unauthorized access
     • Encrypt PI that is or would be transmitted wirelessly

  4. Minimum Requirements
     • Encryption of all PI on portable media
     • Laptop
     • Smartphones
     • PDAs
     • Up-to-date firewall and security patch protection
     • Up-to-date security agent software
     • Virus protection
     • Malware
     • Employee training

  5. W.I.S.P.
     • Create a policy that encompasses the entire organization – develop a Security Policy to safeguard PI
     • Identify existing PI
     • Advise senior management if current technology places PI at risk
     • Define rules for protecting PI that cover both paper and electronic records

  6. W.I.S.P.
     • Ensure all employees who have access to PI records are trained in safeguarding
     • Ongoing training through workplace posters and e-mails
     • Signed policies provide an audit trail
     • IT policies are important too
     • Your login credentials are the “keys to the kingdom”

  7. Safeguards for PI
     • Store hardcopies
     • Restrict access
     • Monitor access
     • Establish “Location” policy
     • Scan hardcopies
     • Store electronically
     • Restrict access
     • Monitor access
     • Shred hardcopies

  8. Safeguards for PI
     • Encrypt the entire hard disk drive of all laptops, and the memory of PDAs and smartphones, that hold PI, to protect against loss or theft
     • PI data is unreadable even if the disk drive is moved to another laptop
     • Unlocking disk encryption requires the proper username and password, or more
     • Or encrypt PI files stored on mobile devices

  9. Safeguards for PI
     • PI data stored on portable media (e.g. DVD or USB drives) must be encrypted
     • Recommendation: use software that encrypts any data stored on portable media, or that has port control to prevent users from copying to portable media
     • All Backup Tapes or External Hard Drives software must be encrypted.

  10. Safeguards for PI
     • If PI is sent across a wireless network, it MUST be encrypted
     • Patch management must be up to date
     • Up-to-date anti-virus
     • The company's firewall is to be up to date
     • Wireless encrypted with security access

  11. Safeguards for PI
     • E-mails containing PI must be encrypted if sent via the internet.
     • E-mail “Content Filtering” electronically searches the body of the e-mail and attachments for PI
     • E-mails with PI will be automatically encrypted before traveling over the internet.

  12. Safeguards for PI
     • For third-party vendors, you should obtain written certification of compliance with MA Privacy Regulations from business partners you share PI data with
     • IT companies
     • Payroll company
     • Benefit companies
     • 401(k)
     • Life insurance
     • Insurance
     • Caution: e-mail communications with these parties frequently involve PI data – ensure those e-mails are encrypted

  13. Safeguards for PI
     • Survey employees for other resting spots for PI data (e.g. unlocked filing cabinets, portable media, briefcases at home, etc.)
     • USB flash drives
     • DVD
     • CD

  14. Safeguards for PI
     • Terminating employees
     • Disable the user right away
     • Redirect e-mail to another user
     • Remove remote access
     • Don’t allow the ex-employee near PI

  15. Recap
     • Thumb drive has info from the state
     • Massdatalaw.com
     • Free trial version of Safe House
     • Kevin@securebiznetworks.com
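The e-mail content filtering on slide 11, as an added example that is not part of the original presentation: an outbound gateway check that searches the body and every attachment for PI and routes a match to encryption. The PI patterns (US SSN, Luhn-valid card numbers), the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

# Assumed PI patterns; the slides do not define what the filter matches.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_pi(text):
    """Return the kinds of PI seen in one block of text."""
    hits = set()
    if SSN_RE.search(text):
        hits.add("ssn")
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        hits.add("card")
    return hits

def scan_message(msg):
    """Map each leaf part (body or attachment filename) to the PI found in it."""
    findings = {}
    for part in msg.walk():
        if part.is_multipart():
            continue
        raw = part.get_payload(decode=True) or b""
        hits = find_pi(raw.decode(part.get_content_charset() or "utf-8", "replace"))
        if hits:
            findings[part.get_filename() or "body"] = hits
    return findings

def route(msg):
    """Gateway decision: encrypt before the message leaves for the internet."""
    return "encrypt" if scan_message(msg) else "send"

def make_message(body, attachment=None, filename=None):
    """Build a constructed sample message (hypothetical helper)."""
    msg = EmailMessage()
    msg.set_content(body)
    if attachment is not None:
        msg.add_attachment(attachment, subtype="csv", filename=filename)
    return msg

if __name__ == "__main__":
    clean = make_message("Lunch at noon? Order ref 1234567890123")
    payroll = make_message("Q3 file attached.",
                           "Jane Doe,123-45-6789,4111 1111 1111 1111\n", "payroll.csv")
    print(route(clean), route(payroll), scan_message(payroll))
```

The clean message contains a 13-digit order reference that fails the Luhn check, so it is sent unencrypted; the second message has PI only in its attachment, which is why the filter has to walk every MIME part and not just the body.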
