NENGroup Can Help Companies Comply with Massachusetts’ CMR 17
New statewide Comprehensive Identity Theft Prevention Regulation affects local companies

Starting March 1, 2010, Massachusetts companies and businesses that compile or maintain records containing personal information must comply with the recently approved Comprehensive Identity Theft Prevention Regulation (CMR 17).

NENGroup can help! As one of the leading full service IT companies in the Boston area, New England Network Group, Inc. (NENGroup) is equipped to help companies meet these new regulations. As part of our IT solutions package, we will implement a comprehensive computer security system, including secure user authentication protocols, secure access control measures, encryption tactics and firewall protection. Companies can enjoy peace of mind knowing NENGroup will set up a system that provides the utmost protection for their customers’ personal information as well as adheres to the new state law.

This new personal data protection law establishes a standard set of regulations for businesses to protect and store Massachusetts residents’ personal information. Personal information is defined under the new regulation as a resident’s first name and last name, or first initial and last name, and one or more of the following:

• Social Security number
• Driver’s license number or state-issued ID card number
• Financial account number or credit or debit card number (with or without any type of security or access code or password)

This expansive, new CMR 17 law requires companies to develop and implement several security safeguards, including:

• A comprehensive written information security plan creating effective administrative, technical and physical safeguards of personal information
• Protection against any anticipated threats or hazards to the security or integrity of personal information
• Policies regulating employees’ ability to access and transport records outside work
• A complete employee training regarding new security strategies
• Disciplinary measures for violations of these new safeguards

All Massachusetts companies and businesses, regardless of their size, are subject to the regulations set forth by the new personal data protection law, THIS INCLUDES YOUR OWN EMPLOYEE DATA. Conversely, many local companies may find themselves ill-equipped to internally implement the required security strategies.

Though Massachusetts companies have until March 1, 2010 to comply with the CMR 17, regulations also require businesses to complete internal and external security risk assessments prior to the effective date.

Contact a skilled NENGroup IT specialist today to ensure your company is prepared for the new standards: GoVirtual@NENGroup.com or (800) 696-2309.