Print View

Employment Law
E-ALERT
February 2010

Deadline Looming For Implementation of Data Security Policy

On March 1, 2010, companies that collect and retain personal information in connection with providing goods and services or for the purposes of employment must have a Comprehensive Written Information Security Program (WISP) designed to protect the personal information collected. For purposes of this program, personal information is defined as a Massachusetts resident's name in combination with one or more of the following: the resident's social security number, driver's license number, financial account number, or credit or debit card number. An insurance policy number also qualifies as a financial account number if it allows anyone access to a person's finances or could result in a misappropriation of monies, credit, or other assets.

Most, if not all, employers will be required to draft and implement a WISP. The written plan must include certain standards and procedures, including administrative, technical, and physical safeguards for protecting and storing any records in paper or electronic form containing personal information about Massachusetts residents. In addition, the program must mandate training for employees about these security measures and procedures for prohibiting terminated employees from accessing such information. The program is not one size fits all. Instead, the type of program required by a company is dictated by its size, the scope and type of its business, available resources, amount of stored data, and the need for security and confidentiality of both consumer and employee information.

It is important that companies devise and implement their programs by March 1, 2010. The Massachusetts Attorney General's Office is authorized to enforce noncompliance. Employees or consumers may also file private actions for damages, and may be awarded in some cases multiple damages and attorney's fees, for breaches of security that result in the unauthorized disclosure of personal information.

CONTACT

If you have any questions about this alert, please contact the author, Laurie Alexander-Krom or any Davis Malm employment attorney.

This article is provided as a courtesy and may not be relied upon as legal advice, or to avoid taxes and penalties. Distribution to promote, market, or recommend any arrangement or investment to avoid or evade taxes, including penalties, is expressly forbidden. Any communication with the author as to its contents, does not, of itself, create a lawyer-client relationship. Under the ethical rules applicable to lawyers in some jurisdictions, this may be considered advertising.