5 Common Misconceptions about Mass Privacy Law 201 CMR 17.00 : Part 5/5. This is a BIG company problem.

Welcome to my continuing series about the Massachusetts data protection laws, 201 CMR 17.00. At this time the rules take effect on March 1, 2010. In discussions with my clients I have heard many of the same questions (or misstatements) many times.

If you’re just joining us, please take a few minutes and look over the first four entries in the series.

5 Common Misconceptions about Mass Privacy Law 201 CMR 17.00 : Part 1/5. Not Me!
5 Common Misconceptions about Mass Privacy Law 201 CMR 17.00 : Part 2/5. Not Me, really!
5 Common Misconceptions about Mass Privacy Law 201 CMR 17.00 : Part 3/5. It’s a tech thing!
5 Common Misconceptions about Mass Privacy Law 201 CMR 17.00 : Part 4/5. I’m OK!

Another good stop is Charland Technology’s Mass Data Protection Laws landing page.

I may be partly responsible for this one, because in my standard presentation about data security (and these regulations) I point out some BIG data breaches, like TJX, Heartland, and BJ’s.

“This is a response to some huge problems that big companies have had. Nothing like this could ever happen here. In fact, no one even knows that we save copies of drivers’ licenses,” one of my clients told me. He continued, “we only have a few hundred of them at most.”

There’s a great web site full of stories where people said, “Nothing like this could ever happen here.” It’s Data Loss DB, maintained by the Open Security Foundation.

Take a look at their site. What you’ll see today:

“About 145 employees at the Kansas City Art Institute have been notified of potential identity theft in connection with the disappearance of a computer from the campus. An Apple computer that contained Social Security numbers, dates of birth and other personal information about the school’s professors and staff employees was stolen from the human resource office last Thursday night.” Kansas City Star, February 9, 2010

“Sea Ray Boats inc. – email accidentally sends out personal details of names, addresses, and Social Security numbers of 341 employees. 4 New Hampshire residents affected.” From the DataLossDB.org web site

Hanceville, Alabama Dairy Queen credit card terminal hacked: “At that location, somebody has apparently tapped into the Internet server and hacked into the debit card system, and they’re printing out the customers’ debit card numbers and using them all over California and Georgia.” Estimated 1,000-2,000 card details stolen. See the story in the Cullman, Alabama Times.

“Diners who frequent a popular Downtown restaurant should review their charge-card statements because hackers broke into its computer system to loot debit- and credit-card numbers, police said today. Between 30 and 50 people have reported fraudulent charges on their accounts, and Columbus detectives said that anyone who used a charge card at Tip Top Kitchen and Cocktails in July or August is at risk.” Columbus (OH) Dispatch, November 25, 2009

“Thirty former clients at the East Chicago, Ind., H&R Block have filed reports with police after their personal information was stolen. The victims discovered the thefts when trying to file taxes this year or after receiving tax return checks with incorrect amounts.” WLS-TV, East Chicago, Indiana, February 16, 2010

This is not “just a big company problem.”

This is not “just a government problem.”

This is not “just a healthcare problem.”

This is not “just a computer problem.”

As I say in my data security presentations, leaders in business, healthcare, and government need to take steps to ensure our clients’ and patients’ data security. Our clients and employees need to feel confident that they can provide important documents and that we will protect them adequately.

The deadline is now a few days away. Look on our Data Protection page for more details to get your own compliance strategy together…or contact us for help!
