Data Security: Into the Breach
State Firms Must Protect Personal Information

Massachusetts’ tough new law data security law—known as 201 CMR 17—mandates that all firms doing business with Massachusetts residents must have a comprehensive program in place to safeguard personal information and protect against security breaches.

The Commonwealth’s new law, one of the most far-reaching information security measures ever passed, provides the strongest protection against identity theft of any state in the nation. Federal law only requires companies to perform a risk assessment after a data breach has occurred.

By March 1, 2010, all firms doing business with Massachusetts residents must be fully compliant with strict data security and privacy standards. The law applies to every business with access to a Massachusetts resident’s last name and first initial, plus at least one of the following: social security number, driver’s license, state identity card, credit or debit card, financial account number, password, PIN code or other “personal” information.

All businesses, no matter how small, must have a comprehensive program in place to safeguard confidential data and protect against anticipated threats or hazards to the security or integrity of such information. Companies must implement a Written Information Security Program (WISP) to maintain secure control over electronic records and paper files to ensure the security and confidentiality of customer information.

No industry sector or business with access to personal information, as defined, is exempt from the strict Massachusetts law. Large or small, firms must comply with the new regulation or risk substantial penalties, investigative fees and restitution costs. Any company that has reason to suspect a security breach has occurred must provide notice “as soon as practicable, and without unreasonable delay” to the affected individual and applicable government officials.

Rather than burdening often overworked internal IT departments, businesses are turning to “turnkey” solutions that can quickly and easily bring them into compliance with the intricacies of the new law. The WISP must not only protect data security and privacy, but also prevent unauthorized access to or use of such information that could result in substantial harm or inconvenience to the consumer.

Data encryption and the relative anonymity and invulnerability of “cloud computing” provide an inexpensive means of protecting sensitive information. Rather than investing in costly security upgrades, for example, a solo practitioner or small law firm can purchase a software solution to assure compliance with the new data security law.

Catuogno Court Reporting’s low-cost, comprehensive Total Compliance Solution assures the security of electronic data by providing encryption for both email and cloud storage. The solution protects sensitive information and assures the security of electronically transmitted data. The secure, scalable platform allows attorneys to easily store and share files, providing continuous access to their legal documents. Tailored to each firm’s comprehensive WISP, the combination of cloud computing and data encryption safeguards personal information without expensive firewalls or ongoing employee monitoring costs.

“Law firms don’t have to invest any capital or operate their own data centers,” says company CEO & Founder Raymond F. Catuogno, Sr. of Springfield, Mass. “Our customers can focus on their core business and their clients, confident that they are complying with the law and their client information is completely protected.”
The new law extends to data wireless networks, laptops and other portable devices that may be prime targets for identity theft. Several high-profile security breaches have involved the theft of laptop computers containing millions of credit and debit card numbers.

Catuogno’s compliance solution protects the security of such vital information by deploying anywhere-anytime cloud storage. Despite the high level of security, the automated solution offers password-protected access to files via the internet from any computer. Data security is assured with easy-to-use features such as an integrated Windows desktop, rich Web 2.0 browsers and iPhone®, BlackBerry® and Windows Mobile® native client access. Cloud storage is especially appropriate for law firms because it offers secure and controlled access from anywhere for lawyers on the go—via the internet, smartphone or desktop.

About Catuogno Court Reporting and Sten-Tel Transcription
With offices in Boston, Springfield, Worcester and Lawrence, Massachusetts, and Providence, Rhode Island, Catuogno Court Reporting and Sten-Tel Transcription have been providing innovative dictation and transcription services throughout the United States since 1966. Our patented technologies continue to set the standard for the medical, legal, law enforcement, insurance, and business transcription & dictation management industries. Call us toll-free at 1-888-228-8646 or email sales@catuogno.cc.