Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 1 MA201 CMR 17.00 John Hally January 2012 GIAC GSEC, GCIA, GCIH, GCFA, GCWN, GPEN.

Published byLindsay Holly Golden Modified over 8 years ago

Similar presentations

Presentation on theme: "1 1 MA201 CMR 17.00 John Hally January 2012 GIAC GSEC, GCIA, GCIH, GCFA, GCWN, GPEN."— Presentation transcript:

1 1 1 MA201 CMR 17.00 John Hally January 2012 GIAC GSEC, GCIA, GCIH, GCFA, GCWN, GPEN

2 2 17.01 - Purpose and Scope Effective Date: March 2010 Purpose Implementation of provisions set forth in Massachusetts General Law (MGL) 93H Establish minimum standard to safeguard personal information contained in paper and electronic records Ensure security and confidentiality of information consistent with industry standards Scope Applies to any and all persons that own or license personal information of a Massachusettes resident

3 3 17.02 - Key Definitions Personal Information : Resident’s first name/initial and last name in combination with: Social Security Number. Driver’s License/State Identification Number. Financial account/Credit card number with or without PIN/Security/Access Code. Record: Any material upon which written, drawn, spoken, visual, or electromagnetic information or images are recorded or preserved, regardless of physical form or characteristics. Owner/licenser : Receives, maintains, processes, or otherwise has access to personal information in connection with the provision of goods or services or in connection with employment.

4 4 17.04 - Computer System Security Requirements Secure User Authentication Protocols. Secure Access Control Measures. Encryption of all transmitted records/files containing Personal Information. “Reasonable” monitoring of systems. Encryption of all stored personal information on laptops/portable devices. “Reasonably up to date” firewall protection, security patches for any Internet-connected system that stores/transmits personal data. “Reasonably up to date” system security anti-malware agent software. Education/training of employees on proper use and security of personal data.

5 5 Massachusetts Data Privacy Law Summary MA 201 CMR 17.00 Requires: Any and all personal information as outlined in the law be protected The owner of the data is ultimately responsible for the security of personal information and meeting compliance. 17.03 Duty to Protect sets the requirement of having a comprehensive, written security program containing administrative, technical, and physical safeguards 17.04 Computer System Security Requirements addresses system security by requiring the implementation of 8 technical controls for any system that stores or transmits personal data The lastest revision of the law allows for a risk-based approach to compliance and enforcement efforts. Law in effect as of March 2010.

Download ppt "1 1 MA201 CMR 17.00 John Hally January 2012 GIAC GSEC, GCIA, GCIH, GCFA, GCWN, GPEN."

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.

Presented by Elena Chan, UCSF Pharm.D. Candidate Tiffany Jew, USC Pharm.D. Candidate March 14, 2007 P HARMACEUTICAL C ONSULTANTS, I NC. P RO P HARMA HIPAA.
HIPAA Basics Brian Fleetham Dickinson Wright PLLC.

HIPAA Basics Brian Fleetham Dickinson Wright PLLC.
HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.

HIPAA – Privacy Rule and Research USCRF Research Educational Series March 19, 2003.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
HIPAA Health Insurance Portability and Accountability Act.

HIPAA Health Insurance Portability and Accountability Act.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
ITEC 6324 Health Insurance Portability and Accountability (HIPAA) Act of 1996 Instructor: Dr. E. Crowley Name: Victor Wong Date: 2 Sept. 2004.

ITEC 6324 Health Insurance Portability and Accountability (HIPAA) Act of 1996 Instructor: Dr. E. Crowley Name: Victor Wong Date: 2 Sept
Massachusetts privacy law and your business  Jonathan Gossels, President, SystemExperts Corporation  Moderator: Illena Armstrong  Actual Topic: Intersecting.

Massachusetts privacy law and your business  Jonathan Gossels, President, SystemExperts Corporation  Moderator: Illena Armstrong  Actual Topic: Intersecting.
Springfield Technical Community College Security Awareness Training.

Springfield Technical Community College Security Awareness Training.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006 Sara Juster, JD Vice President/Corporate Compliance Officer Nebraska.

Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006 Sara Juster, JD Vice President/Corporate Compliance Officer Nebraska.
Security Controls – What Works

Security Controls – What Works
Dino Tsibouris (614) 360-1160 Information Security – What’s New In the Law?

Dino Tsibouris (614) Information Security – What’s New In the Law?
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard
INTERNET and CODE OF CONDUCT

INTERNET and CODE OF CONDUCT
ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.

ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.

Similar presentations

Ads by Google