Summary of Massachusetts Privacy Law Security Standards

Massachusetts Privacy Law Security Standards:
- Written information security program
- Passwords, encryption for laptops
- Risk assessments
- Security policies around records retention
- Policies and procedures to prevent terminated employees from gaining access
- Physical access control policies and procedures
- Security incident response policies
- Monitoring for unauthorized access
- Encryption of PII on laptops and other portable devices
- Encryption of PII data in transmission

Effective: 1 January 2009

1. Encrypt Data Over Public Networks
2. Manage Encryption Keys
3. Encrypt Laptops and Portable Devices
4. Monitor Systems