State laws calling for protection of personally identifiable information (PII) have been around for ages; however, the rising tide of data leakage, break-ins and thefts has uncovered the necessity for clear-cut, demanding laws on a state-by-state basis. And Massachusetts is no exception.
The days of being slapped on the wrist are over. The new Massachusetts Data Protection Regulation (MA 201 CMR 17) calls for all PII (driver’s license, social security number, financial account numbers, or credit/debit card numbers) that belongs to Massachusetts residents to be protected both at rest and in motion. But it doesn’t end there: companies must prove that controls are in place and that they are in compliance with these requirements.
New regulations are often accompanied by confusion for all parties involved - MA 201 CMR 17 is no different. And as the details surrounding the regulation continue to be discussed and nailed down, it appears to be a moving target. But one thing is clear: Deadlines are in the foreseeable future and within 6 months you will have to meet this requirement – and it’s your job to understand the regulation, communicate the risk effectively to upper management and protect your organization from ending up on the front pages.
This one-day seminar demystifies MA 201 CMR 17 and arms you with actionable IT techniques that you can take back to your team in order to quickly assess and address the new requirements.
Attend and return to the office with the knowledge of how to:
- Deploy policies to protect all personal data and implement a Written Information Security Program (WISP)
- Integrate best practices for encryption and affordable technology solutions to create a holistic multi-layer approach
- Recognize the key elements of the regulation and what your company must do to comply
- Implement the proper technologies associated with the new regulation to create an effective policy
- Identify the essential requirements to support your business goals and prevent non-compliance penalties
Register to gain free admission or call Jen Tobin at 781-657-1329 to reserve your seat today!
Session 1: The reasoning behind the Massachusetts Data Protection Act: Why 201 CMR 17 and Why Now?
In this session, Massachusetts state officials David Murray, general counsel of the office of Consumer Affairs and Business Regulation (OCABR), and Gerry Young, Secretariat CIO, Executive Office of Housing and Economic Development and former CIO of OCABR, explain why the commonwealth has decided to enforce additional data protection regulations and apply more stringent implications to Massachusetts businesses. Young and Murray outline:
- The legal background of 201 CMR 17: Why was the law written? What did 93H mandate? What's the status of SB 173?
- The current challenges for data protection: Risks that exist for the PII of citizens stored by organizations
- Technical implications of the law: Including encryption, key management, cache memory, off-site storage, disaster recovery, and more
- Recommendations for creating a holistic, multilayer approach
- How to form comprehensive strategies to ensure compliance by January 1, 2010
Session 2: The Massachusetts Data Protection Regulation: What is a WISP and How Do I Make One?
One of the biggest burdens of the new regulation is the requirement to implement a comprehensive Written Information Security Program (WISP) that includes governance, policies, risk assessment, incident response and a process for assessing and correcting weaknesses. This could have a significant impact on medium-sized businesses. In this session, Mackey discusses how to:
- Successfully implement a WISP
- Understand all of the requirements of MA 201 CMR 17
- Implement the requirements and document the parts
- Create an effective policy that meets all of the requirements
Session 3: The Massachusetts Data Protection Regulation: Technical and Procedural Challenges
The new regulation requires both process controls and technical controls for compliance, but many organizations do not have the proper combination to comply. In this session, Mackey explains:
- Vulnerability management requirements
- Critical considerations when implementing backup encryption
- Encryption requirements for laptops, portable devices and more
- Key technological elements of the regulation, including secure storage and backup of data
- Essential IT and business processes that should accompany the technical and procedural requirements in order to support your business goals and prevent non-compliance penalties
Panel Discussion - Implications of MA 201 CMR 17
A panel of industry experts answers your questions on the new data protection regulation. This is your opportunity to get your toughest security questions answered, help you prepare for MA 201 CMR 17 and ultimately strengthen your security posture.
Expert Speakers

Richard Mackey
Vice President, SystemExperts
Gerry Young
Secretariat Chief Information Officer (SCIO) for the Executive Office of Housing & Economic Development at the Commonwealth of Massachusetts
David Murray
General Counsel of the Office of Consumer Affairs and Business Regulation (OCABR)
| Date | Location |
|---|---|
| July 14, 2009 | Boston, MA, Boston Marriott Newton |
Agenda
| Time | Session |
|---|---|
| 8:00 am | Registration and Networking Breakfast |
| 8:50 am | Welcome and Introductions |
| 9:00 am | Session 1: The reasoning behind the Massachusetts Data Protection Act: Why 201 CMR 17 and Why Now? |
| 10:00 am | Networking and Refreshment Break |
| 10:45 am | Session 2: The MA Data Protection Regulation: What is a WISP and how do I make one? |
| 11:45 am | Lunch and Exhibits Open |
| 1:05 pm | Session 3: The MA Data Protection Regulation: Technical and procedural challenges |
| 2:05 pm | Seminar Adjourns / Giveaways |
