Mpica

The Massachusetts Personal Information Compliance Assessment (or MPICA) is an information technology service provided by the IT firm NSK, Inc. open to businesses that need to comply with the Massachusetts General Law Chapter 93H and its new regulations 201 CMR 17.0. The law requires that companies own, license, store, and/or maintain personal information about a Massachusetts resident make adjustments to further protect personal information. Both electronic and paper records will need to comply with the new law. The regulations go into effect on January 1, 2010. The law was originally supposed to go into effect on January 1, 2009, but then was pushed to May 1 and then January 1, 2010 due to the state of the economy.
The MPICA offers IT help to companies who are having difficulty making changes in their systems to adjust to this law. Identity theft and fraud are the major concerns at the core of the implementation of the Chapter 93H Law, so it is important that the necessary changes are made within business IT systems. If a Massachusetts resident's information is leaked or captured, there could be serious consequences for that person. Therefore, making changes to keep residents' information secure will be required to avoiding security breach and fines.

Companies will need a written security plan to safeguard their contacts' personal information. It will need to be illustrative of policies that demonstrate technical, physical, and administrative protection for residents’ information. The plan needs to be written to meet industry standards. Companies will have to designate employees to oversee and manage security procedures in the workplace, as well as continuously monitor and address security hazards. Policies addressing employee access to and transportation of personal information will be developed, as well as disciplinary measures for employees who do not conform to new regulations. Limiting the collection of data to the minimum that is needed for the purpose it will be used for is part of the new regulations.
Since revisiting workplace data security procedures requires in-depth changes, this is a lengthy process. It takes months for businesses to make the necessary changes required by this law, so businesses might consider starting early.
 
< Prev   Next >