Is Your Business in Compliance with Massachusetts Personal Information Privacy Laws?

While significant time has passed since the laws were enacted, many individuals and businesses still aren’t fully aware of the requirements, potential risks, and penalties for noncompliance.

Definition of “Personal Information”

Personal information is defined as “a Massachusetts resident’s first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) driver’s license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account.” Source: www.mass.gov

What’s at Risk?

In addition to reputation damage to a business, the financial costs of not complying with the Massachusetts privacy regulations can be significant. The Massachusetts attorney general may seek a temporary restraining order or a preliminary or permanent injunction against any entity suspected of violating the Regulations. If a court finds that the regulations were violated, it may impose civil penalties of up to $5,000 per violation, court costs and attorneys’ fees. For example, if 100 customers have their information breached, $5000 x 100 = $500,000.

If you were unaware of the law or have not developed written security procedures, please visit the links below for additional information.

• MA 201 CMR 17 Law
• FAQ Regarding MA 201 CMR 17
• Compliance Checklist 201 CMR 17

Cyber Liability Insurance Offers Support if a Breach Occurs

Beyond preparing procedures to comply, you can reduce your financial risk for various situations through Cyber Liability Insurance coverage. Some of the types of claims that may occur include:

• Accidental release of confidential customer information
• Spreading a virus into a customer’s computer system
• Theft of customer’s credit card or banking account numbers
• Derogatory comments made online about a competitor by an employee
• Denial of service attack hacking
• Electronic data extortion or destruction
• Webmaster using another site’s content in site development

While no policy covers every situation, having this specialized coverage can help if a database breach happens despite your prevention efforts.

To discuss Cyber Liability Insurance for your company, please Contact Us.