Presentation is loading. Please wait.

Presentation is loading. Please wait.

New Data Regulation Law 201 CMR 17.00. TJX Video.

Published byJared Dixon Modified over 8 years ago

Similar presentations

Presentation on theme: "New Data Regulation Law 201 CMR 17.00. TJX Video."— Presentation transcript:

1 New Data Regulation Law 201 CMR 17.00

2 TJX Video

3

4

5

6 Minimum Requirements Secure Access control measures Secure user authentication protocols Monitoring for unauthorized access Encrypt PI that is or would be transmitted wirelessly

7 Minimum Requirements Encryption of all PI on portable media ◦Laptop ◦Smartphones ◦PDA’s Up to date Firewall and Security Patch Protection Up to date security agent software ◦Virus Protection ◦Malware Employee Training

8 W.I.S.P. Create a policy that encompasses the entire organization – develop a Security Policy to Safeguard PI Identify existing PI Advise senior management if current technology places PI at risk Define rules for protecting PI that covers both paper and electronic records

9 W.I.S.P. Ensure all Employees that have access to PI records are trained in safeguarding Ongoing training through workplaces posters and e-mails Signed polices provide audit trail IT policies are important too.. Your login credentials are the “keys to the kingdom”

10 Safeguards for PI Store Hardcopies ◦Restrict Access ◦Monitor Access ◦Establish “Location” Policy Scan Hardcopies ◦Store Electronically ◦Restrict Access ◦Monitor Access ◦Shred Hardcopies

11 Safeguards for PI Encrypt all Laptops entire hard disk drive, PDA’s memory, and Smartphone's that hold PI against loss or theft ◦PI data is unreadable even if disk drive is moved to another Laptop ◦Unlocking disk encryption requires proper username and password, or more Or Encrypt PI files stored on Mobile Devices

12 Safeguards for PI PI data stored on Portable Media (ex. DVD or USB drives) must be encrypted Recommendation: Use software that encrypts any data stored on Portable Media, or has Port Control to prevent users from copying to Portable Media All Backup Tapes or External Hard Drives software must be encrypted.

13 Safeguards for PI If PI is sent across a wireless network, it MUST be encrypted Patch Management must be up to date Up to date Anti Virus Companies Firewall is to be up to date Wireless encrypted with security access

14 Safeguards for PI E-mails containing PI must be encrypted if sent via the internet. E-mail “Content Filtering” electronically searches the body of the e-mail and attachments for PI E-mails with PI will be automatically encrypted before traveling over the internet.

15 Safeguards for PI For Third Party Vendors, you should obtain written certification of compliance with MA Privacy Regulations from business partners you share PI data with ◦IT Companies ◦Payroll Company ◦Benefit Companies  401(k)  Life Insurance  Insurance Caution: E-mail communications with these parties frequently involve PI data – ensure those e-mails are encrypted

16 Safeguards for PI Survey employees for other resting spots for PI data (ex: unlocked filing cabinets, portable media, briefcases at homes, etc. ◦USB Flash Drives ◦DVD ◦CD

17 Safeguards for PI Terminating Employee’s ◦Disable User right away ◦Redirect E-mail to another user ◦Remove Remote Access ◦Don’t allow ex employee near PI

18 Recap Thumb drive has info from the state Massdatalaw.com Free trail version of Safe House Kevin@securebiznetworks.com

Download ppt "New Data Regulation Law 201 CMR 17.00. TJX Video."

Similar presentations

Security for Mobile Devices

Security for Mobile Devices
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
HIPAA Security Training 2005

HIPAA Security Training 2005
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
Privacy, Security, Confidentiality, and Legal Issues

Privacy, Security, Confidentiality, and Legal Issues
Massachusetts privacy law and your business  Jonathan Gossels, President, SystemExperts Corporation  Moderator: Illena Armstrong  Actual Topic: Intersecting.

Massachusetts privacy law and your business  Jonathan Gossels, President, SystemExperts Corporation  Moderator: Illena Armstrong  Actual Topic: Intersecting.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.

BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.
BYOD: Privacy and Security Andrew Paterson, Senior Technology Officer.

BYOD: Privacy and Security Andrew Paterson, Senior Technology Officer.
Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.

Data Security for Healthcare Facilities Debbie Abbott Health Information Consultant Resolutions (Int) Pty Ltd.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Locking the Backdoor: Computer Security and Medical Office Practice Dr. Maury Pinsk, FRCPC University of Alberta Division of Pediatric Nephrology.

Locking the Backdoor: Computer Security and Medical Office Practice Dr. Maury Pinsk, FRCPC University of Alberta Division of Pediatric Nephrology.
Information Security Policies and Standards

Information Security Policies and Standards
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
Data Encryption Overview South Seas Corporation Jared Owensby.

Data Encryption Overview South Seas Corporation Jared Owensby.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
©2011 Kingston Technology Corporation. All rights reserved. All trademarks and registered trademarks are the property of their respective owners. Best.

©2011 Kingston Technology Corporation. All rights reserved. All trademarks and registered trademarks are the property of their respective owners. Best.

Similar presentations

Ads by Google