As fraud continues to rise, more states are making businesses go to great (i.e., pricey) lengths to keep sensitive employee and customer data safe.
Recently, Massachusetts explicitly laid out what all businesses must do to protect confidential info and prevent a security breach.
Here are the details of the plan. Following each of these steps could improve your firm’s security — and put you ahead of the compliance curve should your state follow Massachusetts’ lead.
Create and maintain a clear written policy. Businesses must develop, implement, maintain and track a written data security program for any records containing personal info.
Maintain the policy. Employers need to designate a staffer to maintain and monitor the program on a regular basis.
Assess every risk. There’s no shortage of potential problems when it comes to security breaches. In Mass., companies must identify and assess every internal and external risk.
Provide continuous training. Employers also need to provide ongoing education to keep staffers up to date and aware of all security measures.
Limit access. The Mass. plan limits the amount of personal data collected, as well as who’s privy to it and where it’s kept.
We’ll keep you posted on any states that adopt similar plans.