What you don’t know about state privacy laws could hurt you

Nearly every state across the country has enacted some form of legislation that serves to protect the privacy of its residents.

And you probably don’t even know what you don’t know.


James Bourke, CPA.CITP, reports for the AICPA Insider:

With California taking the lead in 2003, many states have followed with rules and regulations that are as protective as those originally passed by California.

As of today, Massachusetts is taking the lead amongst the states, with the most aggressive legislation in the world of privacy. If your company “owns, licenses, stores or maintains” personal information about Massachusetts residents, then the new rules in Massachusetts impose specific information security requirements that may call for your company to increase its standard of care.

Your firm does not necessarily need to be located in the state of Massachusetts for these rules to apply. The simple fact that you have data belonging to residents of that state now subjects your firm to comply with the rules covering any dealings with those residents.

Under the law, your firm must “develop, implement, maintain and monitor a comprehensive written information-security program that is reasonably consistent with industry standards and that contains administrative, technical and physical safeguards to ensure that security and confidentiality of records that contain personal information.”

How’s that going for you so far?
