SlideShare ist ein Scribd-Unternehmen logo

New Massachusetts Data Privacy Regulation

Als KEY, PDF herunterladen
B
becarreno

Lightning presentation on 201 CMR 17.00 for Boston Ruby User Group

Business
1 von 12
201 CMR 17.00 • slideshare.net/becarreno • When: 3/1/10 • Who: “entity” that stores PI of residents of the Commonwealth • Similar to PCI DSS • Motivation: avoid another TJ Maxx
Personal Information PI • First name (or initial) + last name + • SSN or • Driver’s license number or • Account number: credit card, bank account, policy number?, ... • Any format: paper, electronic, audio, video ...
Administrative Requirements • WISP • Identify security risks • Ways to detect & prevent security failures • Designate Information Security Officer
Technical Requirements • User authentication, passwords for: software, computer, laptop, flash drive, ... • Access control • Firewalls, antivirus, keep software updated • Wireless networks must be encrypted • VPN for remote access
Technical Requirements • Email must be encrypted • Portable devices must be encrypted: • Laptop hard drive (password not enough) • iPhone, Blackberry, PDA’s • Portable (backup) hard drives • Flash drives
Technical Requirements • Fax, telephone, first class mail are complaint • If not “technically feasible” don’t do it, example: use FedEx instead of email • No need to encrypt if no PI
Recommendations • Easiest ➫ no PI • Example of WISP • Compliance checklist • VPN, WPA, firewalls, updates, antivirus, ...
Recommendations • TrueCrypt • PGP • S/MIME
References • Full Text of Massachusetts 201 CMR 17.00 http://www.mass.gov/Eoca/docs/idtheft/201CMR1700reg.pdf • Frequently Asked Questions http://www.mass.gov/Eoca/docs/idtheft/201CMR17faqs.pdf • Regulation explained and practical steps http://www.informit.com/articles/article.aspx?p=1433062
References • Sample WISP http://nengroup.com/the-basics/products-andnengroup.com-services/ma-201-cmr-17/mass-201-cmr-17- comprehensive-information-security-program-example • Compliance checklist http://www.mass.gov/Eoca/docs/idtheft/compliance_checklist.pdf • Encryption http://www.truecrypt.org http://www.gnupg.org
Disclaimer I am not a lawyer and this is not legal advice
slideshare.net/becarreno Braulio Carreno @bcarreno bcarreno@gmail.com http://carreno.me

Empfohlen

Identity theft and data responsibilities
Identity theft and data responsibilitiesIdentity theft and data responsibilities
Identity theft and data responsibilitiesPeter Henley
 
IT Security Guest Lecture
IT Security Guest LectureIT Security Guest Lecture
IT Security Guest LectureMurthinty
 
Electronic Security
Electronic SecurityElectronic Security
Electronic SecurityWe Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.
 
Cyber security
Cyber securityCyber security
Cyber securityPeter Henley
 
Haml, Sass and Compass for Sane Web Development
Haml, Sass and Compass for Sane Web DevelopmentHaml, Sass and Compass for Sane Web Development
Haml, Sass and Compass for Sane Web Developmentjeremyw
 
Monolithic 140503234652-phpapp01
Monolithic 140503234652-phpapp01Monolithic 140503234652-phpapp01
Monolithic 140503234652-phpapp01AUT
 
A Greener Wedding
A Greener WeddingA Greener Wedding
A Greener WeddingShelley Kuhn
 
Copia de adjectives in comparision
Copia de adjectives in comparisionCopia de adjectives in comparision
Copia de adjectives in comparisionLara Calderon
 

Empfohlen

Identity theft and data responsibilities
Identity theft and data responsibilitiesIdentity theft and data responsibilities
Identity theft and data responsibilitiesPeter Henley
 
IT Security Guest Lecture
IT Security Guest LectureIT Security Guest Lecture
IT Security Guest LectureMurthinty
 
Electronic Security
Electronic SecurityElectronic Security
Electronic SecurityWe Learn - A Continuous Learning Forum from Welingkar's Distance Learning Program.
 
Cyber security
Cyber securityCyber security
Cyber securityPeter Henley
 
Haml, Sass and Compass for Sane Web Development
Haml, Sass and Compass for Sane Web DevelopmentHaml, Sass and Compass for Sane Web Development
Haml, Sass and Compass for Sane Web Developmentjeremyw
 
Monolithic 140503234652-phpapp01
Monolithic 140503234652-phpapp01Monolithic 140503234652-phpapp01
Monolithic 140503234652-phpapp01AUT
 
A Greener Wedding
A Greener WeddingA Greener Wedding
A Greener WeddingShelley Kuhn
 
Copia de adjectives in comparision
Copia de adjectives in comparisionCopia de adjectives in comparision
Copia de adjectives in comparisionLara Calderon
 
CNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationCNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationSam Bowne
 
Internet .ppt
Internet .pptInternet .ppt
Internet .pptTrust Odia
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationPriyanka Aash
 
karsof systems e-visa
karsof systems e-visakarsof systems e-visa
karsof systems e-visaColin Valencia
 
How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...
How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...
How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...Priyanka Aash
 
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Precisely
 
Pcishrinktofitpresentation 151125162550-lva1-app6891
Pcishrinktofitpresentation 151125162550-lva1-app6891Pcishrinktofitpresentation 151125162550-lva1-app6891
Pcishrinktofitpresentation 151125162550-lva1-app6891Risk Crew
 
Two factor authentication 2018
Two factor authentication 2018Two factor authentication 2018
Two factor authentication 2018Will Adams
 
CNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationCNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationSam Bowne
 
DEF CON 23 - Weston Hecker - goodbye memory scraping malware
DEF CON 23 - Weston Hecker - goodbye memory scraping malwareDEF CON 23 - Weston Hecker - goodbye memory scraping malware
DEF CON 23 - Weston Hecker - goodbye memory scraping malwareFelipe Prado
 
PCI Descoping: How to Reduce Controls and Streamline Compliance
PCI Descoping: How to Reduce Controls and Streamline CompliancePCI Descoping: How to Reduce Controls and Streamline Compliance
PCI Descoping: How to Reduce Controls and Streamline ComplianceTokenEx
 
PCI Compliance (for developers)
PCI Compliance (for developers)PCI Compliance (for developers)
PCI Compliance (for developers)Maksim Djackov
 
Cybersecurity.pptx
Cybersecurity.pptxCybersecurity.pptx
Cybersecurity.pptxNOUREDDINEOUNINISSE
 
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar Fpweb
 
PCI DSS Compliance for Web Applications
PCI DSS Compliance for Web ApplicationsPCI DSS Compliance for Web Applications
PCI DSS Compliance for Web ApplicationsSavan Gadhiya
 
Stopping Breaches at the Perimeter: Strategies for Secure Access Control
Stopping Breaches at the Perimeter: Strategies for Secure Access ControlStopping Breaches at the Perimeter: Strategies for Secure Access Control
Stopping Breaches at the Perimeter: Strategies for Secure Access ControlSecureAuth
 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version Brian Pichman
 
#MFSummit2016 Secure: Mind the gap strengthening the information security model
#MFSummit2016 Secure: Mind the gap strengthening the information security model#MFSummit2016 Secure: Mind the gap strengthening the information security model
#MFSummit2016 Secure: Mind the gap strengthening the information security modelMicro Focus
 
Mobile security services 2012
Mobile security services 2012Mobile security services 2012
Mobile security services 2012Tjylen Veselyj
 
Iron Bastion: How to Manage Your Clients' Data Responsibly
Iron Bastion: How to Manage Your Clients' Data ResponsiblyIron Bastion: How to Manage Your Clients' Data Responsibly
Iron Bastion: How to Manage Your Clients' Data ResponsiblyGabor Szathmari
 
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxRakhi Bazaar
 
Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Americas Got Grants
 

Weitere ähnliche Inhalte

Ähnlich wie New Massachusetts Data Privacy Regulation

CNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationCNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationSam Bowne
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationPriyanka Aash
 
How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...
How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...
How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...Priyanka Aash
 
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Precisely
 
Pcishrinktofitpresentation 151125162550-lva1-app6891
Pcishrinktofitpresentation 151125162550-lva1-app6891Pcishrinktofitpresentation 151125162550-lva1-app6891
Pcishrinktofitpresentation 151125162550-lva1-app6891Risk Crew
 
Two factor authentication 2018
Two factor authentication 2018Two factor authentication 2018
Two factor authentication 2018Will Adams
 
CNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationCNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationSam Bowne
 
DEF CON 23 - Weston Hecker - goodbye memory scraping malware
DEF CON 23 - Weston Hecker - goodbye memory scraping malwareDEF CON 23 - Weston Hecker - goodbye memory scraping malware
DEF CON 23 - Weston Hecker - goodbye memory scraping malwareFelipe Prado
 
PCI Descoping: How to Reduce Controls and Streamline Compliance
PCI Descoping: How to Reduce Controls and Streamline CompliancePCI Descoping: How to Reduce Controls and Streamline Compliance
PCI Descoping: How to Reduce Controls and Streamline ComplianceTokenEx
 
PCI Compliance (for developers)
PCI Compliance (for developers)PCI Compliance (for developers)
PCI Compliance (for developers)Maksim Djackov
 
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar Fpweb
 
PCI DSS Compliance for Web Applications
PCI DSS Compliance for Web ApplicationsPCI DSS Compliance for Web Applications
PCI DSS Compliance for Web ApplicationsSavan Gadhiya
 
Stopping Breaches at the Perimeter: Strategies for Secure Access Control
Stopping Breaches at the Perimeter: Strategies for Secure Access ControlStopping Breaches at the Perimeter: Strategies for Secure Access Control
Stopping Breaches at the Perimeter: Strategies for Secure Access ControlSecureAuth
 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version Brian Pichman
 
#MFSummit2016 Secure: Mind the gap strengthening the information security model
#MFSummit2016 Secure: Mind the gap strengthening the information security model#MFSummit2016 Secure: Mind the gap strengthening the information security model
#MFSummit2016 Secure: Mind the gap strengthening the information security modelMicro Focus
 
Mobile security services 2012
Mobile security services 2012Mobile security services 2012
Mobile security services 2012Tjylen Veselyj
 
Iron Bastion: How to Manage Your Clients' Data Responsibly
Iron Bastion: How to Manage Your Clients' Data ResponsiblyIron Bastion: How to Manage Your Clients' Data Responsibly
Iron Bastion: How to Manage Your Clients' Data ResponsiblyGabor Szathmari
 

Ähnlich wie New Massachusetts Data Privacy Regulation (20)

CNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationCNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident Preparation
 
Internet .ppt
Internet .pptInternet .ppt
Internet .ppt
 
Wfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security InnovationWfh security risks - Ed Adams, President, Security Innovation
Wfh security risks - Ed Adams, President, Security Innovation
 
karsof systems e-visa
karsof systems e-visakarsof systems e-visa
karsof systems e-visa
 
How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...
How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...
How To Handle Breach Disclosures? Bug Bounty, Coordinated Vulnerability Discl...
 
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
Protect Sensitive Data on Your IBM i (Social Distance Your IBM i/AS400)
 
Pcishrinktofitpresentation 151125162550-lva1-app6891
Pcishrinktofitpresentation 151125162550-lva1-app6891Pcishrinktofitpresentation 151125162550-lva1-app6891
Pcishrinktofitpresentation 151125162550-lva1-app6891
 
Two factor authentication 2018
Two factor authentication 2018Two factor authentication 2018
Two factor authentication 2018
 
CNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationCNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident Preparation
 
DEF CON 23 - Weston Hecker - goodbye memory scraping malware
DEF CON 23 - Weston Hecker - goodbye memory scraping malwareDEF CON 23 - Weston Hecker - goodbye memory scraping malware
DEF CON 23 - Weston Hecker - goodbye memory scraping malware
 
PCI Descoping: How to Reduce Controls and Streamline Compliance
PCI Descoping: How to Reduce Controls and Streamline CompliancePCI Descoping: How to Reduce Controls and Streamline Compliance
PCI Descoping: How to Reduce Controls and Streamline Compliance
 
PCI Compliance (for developers)
PCI Compliance (for developers)PCI Compliance (for developers)
PCI Compliance (for developers)
 
Cybersecurity.pptx
Cybersecurity.pptxCybersecurity.pptx
Cybersecurity.pptx
 
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar
 
PCI DSS Compliance for Web Applications
PCI DSS Compliance for Web ApplicationsPCI DSS Compliance for Web Applications
PCI DSS Compliance for Web Applications
 
Stopping Breaches at the Perimeter: Strategies for Secure Access Control
Stopping Breaches at the Perimeter: Strategies for Secure Access ControlStopping Breaches at the Perimeter: Strategies for Secure Access Control
Stopping Breaches at the Perimeter: Strategies for Secure Access Control
 
It security the condensed version
It security the condensed version It security the condensed version
It security the condensed version
 
#MFSummit2016 Secure: Mind the gap strengthening the information security model
#MFSummit2016 Secure: Mind the gap strengthening the information security model#MFSummit2016 Secure: Mind the gap strengthening the information security model
#MFSummit2016 Secure: Mind the gap strengthening the information security model
 
Mobile security services 2012
Mobile security services 2012Mobile security services 2012
Mobile security services 2012
 
Iron Bastion: How to Manage Your Clients' Data Responsibly
Iron Bastion: How to Manage Your Clients' Data ResponsiblyIron Bastion: How to Manage Your Clients' Data Responsibly
Iron Bastion: How to Manage Your Clients' Data Responsibly
 

Kürzlich hochgeladen

Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxRakhi Bazaar
 
Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Americas Got Grants
 
Appkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxAppkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxappkodes
 
Psychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh JiPsychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh Jiastral oracle
 
Welding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan DynamicsWelding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan DynamicsIndiaMART InterMESH Limited
 
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...ssuserf63bd7
 
Types of Cyberattacks - ASG I.T. Consulting.pdf
Types of Cyberattacks - ASG I.T. Consulting.pdfTypes of Cyberattacks - ASG I.T. Consulting.pdf
Types of Cyberattacks - ASG I.T. Consulting.pdfASGITConsulting
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Anamaria Contreras
 
Interoperability and ecosystems: Assembling the industrial metaverse
Interoperability and ecosystems: Assembling the industrial metaverseInteroperability and ecosystems: Assembling the industrial metaverse
Interoperability and ecosystems: Assembling the industrial metaverseSiemens
 
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...SOFTTECHHUB
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxmbikashkanyari
 
Cyber Security Training in Office Environment
Cyber Security Training in Office EnvironmentCyber Security Training in Office Environment
Cyber Security Training in Office Environmentelijahj01012
 
Driving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon HarmerDriving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon HarmerAggregage
 
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdfChris Skinner
 
NAB Show Exhibitor List 2024 - Exhibitors Data
NAB Show Exhibitor List 2024 - Exhibitors DataNAB Show Exhibitor List 2024 - Exhibitors Data
NAB Show Exhibitor List 2024 - Exhibitors DataExhibitors Data
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdfShaun Heinrichs
 
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...ssuserf63bd7
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfShashank Mehta
 
Unveiling the Soundscape Music for Psychedelic Experiences
Unveiling the Soundscape Music for Psychedelic ExperiencesUnveiling the Soundscape Music for Psychedelic Experiences
Unveiling the Soundscape Music for Psychedelic ExperiencesDoe Paoro
 
Onemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
Onemonitar Android Spy App Features: Explore Advanced Monitoring CapabilitiesOnemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
Onemonitar Android Spy App Features: Explore Advanced Monitoring CapabilitiesOne Monitar
 

Kürzlich hochgeladen (20)

Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
 
Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...
 
Appkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptxAppkodes Tinder Clone Script with Customisable Solutions.pptx
Appkodes Tinder Clone Script with Customisable Solutions.pptx
 
Psychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh JiPsychic Reading | Spiritual Guidance – Astro Ganesh Ji
Psychic Reading | Spiritual Guidance – Astro Ganesh Ji
 
Welding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan DynamicsWelding Electrode Making Machine By Deccan Dynamics
Welding Electrode Making Machine By Deccan Dynamics
 
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
 
Types of Cyberattacks - ASG I.T. Consulting.pdf
Types of Cyberattacks - ASG I.T. Consulting.pdfTypes of Cyberattacks - ASG I.T. Consulting.pdf
Types of Cyberattacks - ASG I.T. Consulting.pdf
 
Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.
 
Interoperability and ecosystems: Assembling the industrial metaverse
Interoperability and ecosystems: Assembling the industrial metaverseInteroperability and ecosystems: Assembling the industrial metaverse
Interoperability and ecosystems: Assembling the industrial metaverse
 
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
 
Cyber Security Training in Office Environment
Cyber Security Training in Office EnvironmentCyber Security Training in Office Environment
Cyber Security Training in Office Environment
 
Driving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon HarmerDriving Business Impact for PMs with Jon Harmer
Driving Business Impact for PMs with Jon Harmer
 
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
 
NAB Show Exhibitor List 2024 - Exhibitors Data
NAB Show Exhibitor List 2024 - Exhibitors DataNAB Show Exhibitor List 2024 - Exhibitors Data
NAB Show Exhibitor List 2024 - Exhibitors Data
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf
 
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
 
Darshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdfDarshan Hiranandani [News About Next CEO].pdf
Darshan Hiranandani [News About Next CEO].pdf
 
Unveiling the Soundscape Music for Psychedelic Experiences
Unveiling the Soundscape Music for Psychedelic ExperiencesUnveiling the Soundscape Music for Psychedelic Experiences
Unveiling the Soundscape Music for Psychedelic Experiences
 
Onemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
Onemonitar Android Spy App Features: Explore Advanced Monitoring CapabilitiesOnemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
Onemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
 

New Massachusetts Data Privacy Regulation

  • 1. 201 CMR 17.00 • slideshare.net/becarreno • When: 3/1/10 • Who: “entity” that stores PI of residents of the Commonwealth • Similar to PCI DSS • Motivation: avoid another TJ Maxx
  • 2. Personal Information PI • First name (or initial) + last name + • SSN or • Driver’s license number or • Account number: credit card, bank account, policy number?, ... • Any format: paper, electronic, audio, video ...
  • 3. Administrative Requirements • WISP • Identify security risks • Ways to detect & prevent security failures • Designate Information Security Officer
  • 4. Technical Requirements • User authentication, passwords for: software, computer, laptop, flash drive, ... • Access control • Firewalls, antivirus, keep software updated • Wireless networks must be encrypted • VPN for remote access
  • 5. Technical Requirements • Email must be encrypted • Portable devices must be encrypted: • Laptop hard drive (password not enough) • iPhone, Blackberry, PDA’s • Portable (backup) hard drives • Flash drives
  • 6. Technical Requirements • Fax, telephone, first class mail are complaint • If not “technically feasible” don’t do it, example: use FedEx instead of email • No need to encrypt if no PI
  • 7. Recommendations • Easiest ➫ no PI • Example of WISP • Compliance checklist • VPN, WPA, firewalls, updates, antivirus, ...
  • 9. References • Full Text of Massachusetts 201 CMR 17.00 http://www.mass.gov/Eoca/docs/idtheft/201CMR1700reg.pdf • Frequently Asked Questions http://www.mass.gov/Eoca/docs/idtheft/201CMR17faqs.pdf • Regulation explained and practical steps http://www.informit.com/articles/article.aspx?p=1433062
  • 10. References • Sample WISP http://nengroup.com/the-basics/products-andnengroup.com-services/ma-201-cmr-17/mass-201-cmr-17- comprehensive-information-security-program-example • Compliance checklist http://www.mass.gov/Eoca/docs/idtheft/compliance_checklist.pdf • Encryption http://www.truecrypt.org http://www.gnupg.org
  • 11. Disclaimer I am not a lawyer and this is not legal advice
  • 12. slideshare.net/becarreno Braulio Carreno @bcarreno bcarreno@gmail.com http://carreno.me

Hinweis der Redaktion

  3. All companies have same types of security risks, small variations We’ll provide sample of a WISP (not legal advice)
  4. Passwords or biometrics
  5. PDA software still limited
  6. You want to comply because you care about your customer data, don’t you?