CMR 17

1. CMR 17 (title slide)

2. Overview
   - About the Law
   - Affected Organizations
   - Requirements for Compliance
   - Consequences of Non-Compliance
   - About IT Managed Services
3. 201 CMR 17.00
   The law is called "Standards for the Protection of Personal Information of Residents of the Commonwealth."
   Purpose and History:
   - TJX and Hannaford data breaches
   - SOX 404
   - Payment card compliance
   - HIPAA
4. Scope of the Law
   Which organizations are required to comply with the new law?
   Verbiage: organizations "who own, license, store or maintain personal information about a resident of the Commonwealth of Massachusetts."
   Personal information includes:
   - Electronic transaction and billing data (credit card numbers, bank data, etc.)
   - Identity-theft target data (Social Security numbers, identification, etc.)
   - Customer records

5. What is Required?
   Four main components:
   - Risk assessment and WISP
   - Data privacy awareness policy
   - Security (antivirus, firewall, encryption)
   - Third-party WISP

6. Penalties
   Penalties for non-compliance:
   - Enforcement through the Office of the Massachusetts AG
   - Fines ranging from $5,000 to $50,000
   - Forensic data discovery
   - Private suit
   - Punitive damages

7. Solution
   IT Managed Services:
   - Professional risk assessment
   - Written Information Security Plan (WISP)
   - Flat-rate 24/7 monitoring
   - Full encryption
   - Full antivirus
   - Firewall