Massachusetts privacy laws now require every organization that maintains "personal information" about residents of Massachusetts to implement a comprehensive Written Information Security Program, or "WISP" policy, that includes safeguards appropriate to the size and type of business of the organization, the amount of resources available, and the amount and character of stored information.
"Personal information" is defined as a Massachusetts resident's first name and last name or first initial and last name, in combination with any one or more of the following data elements that relate to the resident:
- Social Security number.
- Driver's license number or state-issued identification card number.
- Financial account number or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident's financial account.
Please contact Ellen Lubell to discuss the information security needs of your organization and to develop a compliant WISP policy.