
Phil Ayres




Tech CEOs: Opinion

Yet Another Security Regulation - Does This One Have Teeth?

There is a lot of excitement around new privacy regulations. Will the Massachusetts regulations mean much?

Following hot on the heels of the new HIPAA HITECH Act, the new Massachusetts regulation for data security and information privacy came into effect at the start of this month. It has seen lots of activity from the software security vendors, as it gives them another opportunity to scare the dollars out of corporate wallets. The full regulation is 201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH.

The document doesn't make a particularly exciting read, although it is not that hard to get through the barely 4 pages of content. The striking thing when reading the document is how familiar all this stuff sounds. Most likely drawing from several sources, such as California Senate Bill No. 1386 ("SB 1386") for protection of personal information and privacy, and PCI Data Security Standard (PCI DSS) produced by the credit card companies, Massachusetts has pulled together a regulation into one place that at least starts to give companies no excuse not to protect the personal information of customers, partners and employees.

In my non-professional opinion, this is likely to become another checklist that sits in the binder of compliance self-certifications that companies annually review and update. I don't see much that the CIO of a company that already prides itself on protecting customer information would worry about. At the same time, if you were already losing sleep over the fact that your infrastructure is shaky and insecure, that your employees are not trained in their compliance obligations, that you don't have all your security policy documents up to date, maybe it is time to beat the insomnia and do something about it.

More Stories By Phil Ayres

Phil Ayres is the founder of Consected, providing SaaS workflow to companies that want to improve their business processes immediately, not after an expensive software implementation project. Companies that work with Consected benefit from Phil's direct experience helping organizations meet their business goals through the use of innovative process and content management solutions.