It is always a good idea to make sure you are protecting your customers' private data, now more so than ever. After several extensions of the original implementation date, as of March 1, 2010, any organization that possesses the personally identifiable information of Massachusetts residents will have to be in compliance with the Commonwealth of Massachusetts Data Privacy Law 201 CMR 17.00. There are other laws out there that speak to what disclosures must be made after a breach of personal data, but this is really the first law that details the steps that must be taken to ensure data security beforehand.
This requirement to protect and secure private data is more than a trend. In fact, it is simply a best practice to protect any personally identifiable information that your business encounters. Some states have taken the PCI DSS standard as a starting point, but here we see a government entity laying down the law on the steps a business must take to make sure the data it handles is secure and encrypted, with a written plan on how it is doing so. BankInfoSecurity.com has a good post that discusses what businesses should be doing to ensure personal data is secured through encryption. The post points out that it is unlikely there will be proactive enforcement of the new law's provisions, as limited resources make it nearly impossible to check whether everyone is in compliance. It does point out, though, that if a data breach occurs, they [Massachusetts state government] will certainly check to make sure the required procedures were being followed, and that companies that do not follow the law will face stiff penalties in such situations.
Security is something that you cannot afford to ignore, and using a managed SSL VPN service, combined with choosing a network provider who is PCI DSS compliant [PDF], is a great first step to ensuring critical data moving across your network is encrypted and secure. Your business simply cannot afford the costs associated with a data breach, and failing to take these steps at this point would also be breaking the law.
Speak with your managed services network partner today to make sure both you and they are compliant. If you find your current provider can’t meet your PCI and managed security needs, give us a call. We’ll be more than happy to share our expertise in managed security solutions with your business.