Policy, procedure and process.
I was asked recently, "Why do I need a computer policy?"
The short answer? It’s the law.
Massachusetts 201 CMR 17.00 Compliance
In Massachusetts, the law 201 CMR 17.00 clearly states that a business must have clear and defined policies when it comes to internet and data access for its employees. To quote the purpose section directly:
This regulation implements the provisions of M.G.L. c. 93H relative to the standards to be met by persons who own or license personal information about a resident of the Commonwealth of Massachusetts. This regulation establishes minimum standards to be met in connection with the safeguarding of personal information contained in both paper and electronic records. The objectives of this regulation are to insure the security and confidentiality of customer information in a manner fully consistent with industry standards; protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer.
MA Privacy Law Compliance for Your Business
What does this mean for businesses? If an employee decides to copy clients' data to an external drive or an external network and there is no company policy in place, it could cause a tremendous amount of fines and penalties for the data loss and the lack of accountability that comes from a data breach.
The other problem is that failure to prevent the data loss can also mean something larger when it comes to their clients' data. If they are so careless with your clients' data, it shows that they could be careless with your company's intellectual property, such as client lists, client information and more. Nothing is worse for a business owner than having their client and accounting information fall into their competitors' hands.
Reviewing Your Company Policies
What we recommend to our clients is to review their client handbook and their company policies when it comes to networks, computers and mobile devices. Many times our clients, and some new ones, are surprised when we ask for a copy of their handbook so we can make modifications.
Many attorneys believe that they do a great job when creating an acceptable use policy for their clients' networks, but from an IT perspective, it can always be tightened up. From social media and mobile devices to flash drives and password policies, it is imperative that we advise clients to have us review it so they are not at risk of penalties and data loss. Too often there is the one-two punch of losing client data, and then losing clients. Let us help you be proactive.