Presentation on Massachusetts Data Privacy Law (201 CMR 17.00)
Posted on 26-May-2015
TRANSCRIPT
201 CMR 17.00 – New Privacy Law
Irene Wachsler, CPA, MBA, Tobolsky & Wachsler CPAs, LLC
What is the New Law?
• Establishes minimum standards that must be met to safeguard personal information, for both paper and electronic records
• Applies to "all persons that own, license, store or maintain personal information about a resident of the Commonwealth"
Good News!!!!
• Implementation has been pushed back to March 1, 2010
Why????
• Since August 2008, the Office of Consumer Affairs and Business Regulation (OCABR) has investigated 320 incidents:
◦ Threatened to compromise the personal information of 625,365 Mass. residents
◦ 60% of incidents involved theft of laptops / hard drives
◦ 40% of incidents involved employee error / poor internal handling of sensitive information
• Identity theft costs consumers and businesses $52 billion annually
What is Personal Information?
Two pieces, in combination:
1. First name and last name, or first initial and last name, and
2. One or more of the following:
a. Social Security number
b. Driver's license number / state-issued ID number
c. Financial account number / credit card / debit card number (with or without the PIN or security code that would permit access to the account)
Note that a name alone, or an account number alone, is not "personal information" under the regulation; it is the combination that triggers the safeguards. Information lawfully obtained from publicly available sources is excluded.
Does this Apply to CPAs?
• Absolutely!
◦ Tax returns
◦ Copies of W-2s; bank, mutual fund and stock statements, etc.
• Possibly your clients
◦ Do they have employees?
◦ Do they maintain payroll records, I-9s, 1099s?
• This applies to both
◦ Paper ("stuff" in the filing cabinets) and
◦ Electronic (data stored on your computer)
How Do I Comply with the New Privacy Act?
Some things are obvious:
◦ Prevent terminated employees from accessing your computer and paper records (immediately collect the computer, the keys to the office, etc., and disable their logins)
◦ Use a password to log on to your computer (and don't share or write down your password)
◦ Educate and train your employees on the importance of protecting your clients' personal information
◦ Lock your paper records / file cabinets
How Do I Comply with the New Privacy Act?
Some things will require a change in work habits:
◦ Employees are prohibited from keeping open files containing personal information on their desks when they are not at their desks
◦ At the end of the day, all files containing personal information must be secured
◦ Paper and electronic records shall be disposed of in a manner that complies with M.G.L. c. 93I
How Do I Comply with the New Privacy Act?
Some things are not so obvious:
◦ Encrypt all transmitted electronic records and files containing personal information (the regulation is aimed at anything sent across public networks such as the Internet, and anything sent wirelessly)
◦ Ensure that your computer has up-to-date:
  firewall protection
  operating system security patches
  system security agent software, including malware protection and virus definitions
◦ Hang out in the office when the cleaning crew arrives
◦ Designate a Data Security Coordinator who is responsible for implementing a plan to protect personal information
How Do I Comply with the New Privacy Act?
Some things are not so obvious:
◦ Do not send a fax without confirming that the authorized recipient has exclusive access to the receiving fax machine
Data Security Coordinator
• Implements the Plan to protect the security and confidentiality of personal information
• Trains all employees
• Conducts regular testing of the Plan's safeguards
• Evaluates the ability of service providers to comply with the new law
• Conducts annual training for everyone (owners, employees, independent contractors, etc.); all attendees must certify their attendance and familiarity with the Plan
Key Dates
January 1, 2010 (the compliance date was subsequently pushed back to March 1, 2010, as noted above):
◦ Paper records must be secured (i.e. locked)
◦ Electronic records must be encrypted
◦ Third-party service providers must be capable of protecting personal information
◦ All other portable devices must be encrypted (memory sticks, DVDs, PDAs, etc.)
◦ Written certification required from third-party service providers
What Happens if My Records are Breached?
(The notification duties below come from the companion breach statute, M.G.L. c. 93H, rather than from 201 CMR 17.00 itself.)
1. You must immediately notify both the Attorney General's Office and the Office of Consumer Affairs and Business Regulation, including:
◦ The nature of the breach
◦ The number of residents of the Commonwealth affected
◦ Any steps taken, or planned, relating to the breach
What Happens if My Records are Breached?
2. Must send notice to the national credit bureaus
3. Must notify all affected residents, including:
• The consumer's right to obtain a police report
• Instructions for requesting a freeze on a credit report
• Access to additional information, including the date of the data breach and any steps you have taken or plan to take relating to the incident
How Do I Dispose of Records in Compliance with M.G.L. c. 93I?
• Paper: burned, pulverized or shredded so that personal data cannot practicably be read or reconstructed
• Electronic media: destroyed or erased so that personal information cannot practicably be read or reconstructed
◦ Caveat: "erasing" (deleting) a file on a computer does not meet this requirement. Deleting a file only removes the directory entry; the data blocks stay on the disk until something else happens to overwrite them, so an "erased" file is easy to reconstruct with ordinary recovery tools
◦ Overwriting the data before deleting it, or wiping the drive's free space, is what actually removes the bytes; on solid-state drives and on some journaling filesystems even that is unreliable, so full-disk encryption with key destruction, or physical destruction of the media, is the dependable route
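To make the "deleting is not erasing" point concrete, here is a small Python model of a disk, added as an illustration for this page (it is not code from the presentation or from Tobolsky & Wachsler). The ToyDisk class, its block size, the file names and the client record are all constructed for the example. A plain delete drops the directory entry and frees the blocks while leaving their contents in place, so a carving scan of the raw image still finds the Social Security number; overwriting the blocks before unlinking, or wiping the free space afterwards, removes it. Real filesystems separate metadata from data in the same way, which is why recovery tools work.

```python
import re

BLOCK_SIZE = 16  # bytes per block in the toy disk (real disks use 512 or 4096)

# Pattern for a US Social Security number written as NNN-NN-NNNN
SSN_RE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")


class ToyDisk:
    """Minimal disk model (constructed for this example): a flat byte image plus
    a directory mapping file names to the blocks they occupy, mimicking how real
    filesystems keep metadata (directory entries) apart from content (data blocks)."""

    def __init__(self, n_blocks):
        self.image = bytearray(BLOCK_SIZE * n_blocks)
        self.free = list(range(n_blocks))
        self.directory = {}  # file name -> list of block numbers

    @staticmethod
    def _span(block):
        return slice(block * BLOCK_SIZE, (block + 1) * BLOCK_SIZE)

    def write_file(self, name, data):
        n_needed = -(-len(data) // BLOCK_SIZE)  # ceiling division
        if n_needed > len(self.free):
            raise OSError("toy disk full")
        blocks = [self.free.pop(0) for _ in range(n_needed)]
        for i, block in enumerate(blocks):
            chunk = data[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE]
            self.image[block * BLOCK_SIZE:block * BLOCK_SIZE + len(chunk)] = chunk
        self.directory[name] = blocks

    def delete(self, name):
        """What an ordinary delete/unlink does: forget the directory entry and
        mark the blocks free. The bytes in those blocks are not touched."""
        self.free.extend(self.directory.pop(name))

    def overwrite_and_delete(self, name, fill=b"\x00"):
        """Overwrite every block the file occupies, then unlink it."""
        for block in self.directory[name]:
            self.image[self._span(block)] = fill * BLOCK_SIZE
        self.delete(name)

    def wipe_free_space(self, fill=b"\x00"):
        """Overwrite every block no directory entry references: this is how you
        clean up after files that were deleted the ordinary way earlier."""
        for block in self.free:
            self.image[self._span(block)] = fill * BLOCK_SIZE

    def carve_ssns(self):
        """Forensic-style carving: scan the raw image for SSN-shaped strings,
        ignoring the directory entirely, exactly as a recovery tool would."""
        return sorted({m.group().decode() for m in SSN_RE.finditer(bytes(self.image))})


# Constructed sample client record; not real data.
RECORD = b"Client: Jane Doe\nSSN: 123-45-6789\nAcct: 4111-1111-1111-1111\n"


def ssns_after_plain_delete():
    disk = ToyDisk(n_blocks=32)
    disk.write_file("doe_2009.txt", RECORD)
    disk.delete("doe_2009.txt")      # "erased" in the everyday sense
    return disk.carve_ssns()         # the SSN is still on the platter


def ssns_after_overwrite():
    disk = ToyDisk(n_blocks=32)
    disk.write_file("doe_2009.txt", RECORD)
    disk.overwrite_and_delete("doe_2009.txt")
    return disk.carve_ssns()


def ssns_after_free_space_wipe():
    disk = ToyDisk(n_blocks=32)
    disk.write_file("doe_2009.txt", RECORD)
    disk.delete("doe_2009.txt")      # the mistake already happened...
    disk.wipe_free_space()           # ...so scrub everything unallocated
    return disk.carve_ssns()


if __name__ == "__main__":
    print("after plain delete:     ", ssns_after_plain_delete())      # ['123-45-6789']
    print("after overwrite+delete: ", ssns_after_overwrite())         # []
    print("after free-space wipe:  ", ssns_after_free_space_wipe())   # []
```

The model overwrites with zeros in a single pass; on magnetic disks one full overwrite is what current sanitization guidance (NIST SP 800-88) calls for, and multi-pass patterns add little. The model also shows the limit of the approach: it assumes the overwrite lands on the same physical blocks the file used. Solid-state drives remap writes for wear levelling and some filesystems keep journal or snapshot copies, so the old bytes can survive an in-place overwrite; for those media, encrypt the whole drive from the start and destroy the key, or destroy the media.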
Software Tools that We Use
DISCLAIMER: The software tools listed on this and the following pages are what our firm, Tobolsky & Wachsler CPAs, LLC, uses.
WE DO NOT OFFICIALLY ENDORSE THESE TOOLS NOR DO WE SUPPORT THEM. These tools are mentioned for discussion purposes only.
Firewall Protection
• Hardware: NetGear ProSafe VPN Firewall
◦ < $100 at Circuit City
• Wireless NetGear modem
◦ Encrypted wireless access (use WPA2; the older WEP scheme is broken and should not be relied on as encryption)
◦ $30 at CompUSA
• Software: Norton 360
◦ $60 for a 3-user license at Staples
Malware Protection & Virus Definitions
• Norton 360
◦ Automatic updates of malware and virus definitions
◦ Antispyware
◦ Email scanning for viruses / junk email
◦ $60 for a 3-user license at Staples
Online Sharing of Files
• www.box.net
◦ Sharing of files
◦ Access anywhere via an Internet connection
◦ Password-protect files
◦ Invite clients to download files
◦ Files are encrypted prior to upload / download
◦ Files backed up across multiple, geographically separated servers
◦ $49.95 per month for 15GB of online storage
Backup of Data
• Carbonite
◦ Online backup service
◦ Encrypts files before they are uploaded from the PC
◦ Files remain encrypted at their data center
◦ Requires a unique login to retrieve files
◦ $49.95 per year with unlimited storage
Wireless Connections from Public Wi-Fi Hotspots
• Comodo TrustConnect (a VPN service)
◦ Encrypts your traffic between the laptop and Comodo's servers, so the hotspot operator and other users on the hotspot cannot read it
◦ Need to log in to the TrustConnect website
◦ $50 per year
Data Encryption
• TrueCrypt: encrypted volumes / directories on laptops (TrueCrypt development was discontinued in 2014; VeraCrypt is its maintained successor)
• Microsoft's built-in encryption for data on hard drives: BitLocker for the whole disk, or EFS for individual files and folders
Irene Wachsler, CPA, MBA, Tobolsky & Wachsler CPAs, LLC
irene@milliecpa.com
(781) 883-3174
To ensure compliance with the requirements imposed on us by Circular 230, we inform you that any tax advice contained in this communication (including any attachments) is not intended to and cannot be used for the purpose of (i) avoiding tax-related penalties under the Internal Revenue Code, or (ii) promoting, marketing or recommending to another party any tax-related matter(s) addressed herein.
Thank You!