Standard
M a s s a c h u s e t t s ’
s w e e p i n g n e w d a t a
p r o t e c t i o n r u l e s
Joe Laferrera
Gesmer Updegrove LLP
March 2009
Massachusetts’ Law:
Chapter 93H
any
Internal
a l y s i s f o r
p e c i fi c a n k
Risks
F a c t - s e s s i n g r i s
g a n d a s s
ide n t i f y in
and i n g
d i m p r o v
a t in g a n d s
External evalu s o f s a f e g u a r
e n e s
Risks effectiv
Off-Premises Access
Assess “whether and how employees
should be allowed to keep, access and
transport records containing personal
information outside of business premises.”
Telecommuting
Use of messenger and delivery services
Ability to maintain files at home
Disciplinary
Measures
1
2 01 0
The Approach
Audit and assess
Inventory type of PI kept
Review 3rd-party contracts
Assess risks
Plan information and data strategy
IT infrastructure and information process
changes
Implement plan and policies
Contract changes, employee policies, etc.
40 Broad Street
Boston, MA 02109
(617) 350-6800
gesmer.com
All rights reserved. ©2009 Gesmer Updegrove LLP. This may be considered advertising under Mass. R. Prof. C. 7.3(c).