On March 1, 2010, the Massachusetts law implementing “Standards for the Protection of Personal Information of Residents of the Commonwealth”, MA 201 CMR 17, went into effect. The law requires that businesses and individuals that receive, store, maintain, process, or otherwise have access to personal information have written information security procedures. While significant time has passed since the laws went into effect, there are many individuals and businesses that still aren't fully aware of the requirements and potential risks and penalties for noncompliance.
definition of "personal information"
Personal information is defined as “a Massachusetts resident's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account.” Source: www.mass.gov
what's at risk?
In addition to reputation damage, the financial costs of not complying with the Massachusetts privacy regulations can be significant. The Massachusetts attorney general may seek a temporary restraining order or a preliminary or permanent injunction against any entity suspected of being in violation of the Regulations. If a court finds that the regulations were violated, it may impose civil penalties of up to $5,000 per violation, as well as court costs and attorneys’ fees. For example, if 100 customers have their information breached $5000 x 100 = $500,000.
If you weren't aware of the law or haven’t developed written security procedures, the links below provide additional information.
cyber liability insurance offers support if a breach occurs
Beyond preparing procedures to be in compliance, you can reduce your financial risk for a wide range of situations through cyber liability insurance coverage. Some of the types of claims that may occur include:
- Accidental release of confidential customer information
- Spreading a virus into a customer’s computer system
- Theft of customer’s credit card or banking account numbers
- Derogatory comments made online about a competitor by an employee
- Denial of service attack hacking
- Electronic data extortion or destruction
- Webmaster uses another site's content in site development
While no policy covers every situation, having this specialized coverage can provide relief if your a databe breach occurs despite your prevention efforts. To discuss cyber liability insurance for your company, please contact us online or call at 800-222-8711.