I am very surprised by the number of small to mid-size companies who are not familiar with the new data security law which went into effect in Massachusetts on March 1st of this year. Mark Rogers of The Rogers Law Firm in Braintree shared the following points relative to how the law impacts companies:
• Failure to have appropriate security systems in place that protect personal information stored or maintained at your business; for example, locks on file cabinets, a lock on the door to the room where your server is located;
• Failure to have written confirmation from vendors who have access to your business’ personal information (i.e. IT consultants, CPA’s and even the cleaning service that cleans your office space) that they comply with the new MA Data Security Regulations:
• Failure to have appropriate computer system security, such as firewalls, email encryption and password protection.”

I hope these comments from Mark Rogers help you in better understanding the law.  Lately, as I continue to tour offices with prospective tenants, I have observed many server rooms unlocked when a very inexpensive lock to secure the room could potentially save one’s company a substantial amount of “fine” money.  If you are not totally familiar with the law, I would strongly suggest contacting an attorney or expert with Mark Rogers’ qualifications.