Third Party Compliance – Another way new regulations go beyond MA

May 25th, 2010 by Tracy Fox

If you work with businesses in Massachusetts, there is another aspect of the new identity theft regulations that you need to be aware of.  As part of the regulations, Massachusetts organizations must also confirm that their service providers are taking appropriate security measures when handling personal information by requiring them to complete a “201 CMR 17 Third Party Compliance Contract”.

Personal information includes social security numbers, credit card or bank account numbers, PIN numbers and/or passwords to access financial accounts.  Law firms, insurance agencies, realtors, financial services brokers and IT firms are just a few of the many businesses who will be receiving the contracts as their Massachusetts clients complete the checklist for 201 CMR 17.

In order to be compliant themselves, companies must select and oversee third-party service providers that are capable of maintaining safeguards for personal information and contractually require that they adhere to them.  Compliance is a process that takes time to implement.  Don’t jeopardize lucrative client relationships – use the 201 CMR checklist to create a Written Information Security Program (WISP) for your company BEFORE you are asked to sign off on a Third Party Compliance Contract.

