The document doesn't make a particularly exciting read, although it is not that hard to get through the barely 4 pages of content. The striking thing when reading the document is how familiar all this stuff sounds. Most likely drawing from several sources, such as California Senate Bill No. 1386 ("SB 1386") for protection of personal information and privacy, and PCI Data Security Standard (PCI DSS) produced by the credit card companies, Massachusetts has pulled together a regulation into one place that at least starts to give companies no excuse not to protect the personal information of customers, partners and employees.
In my non-professional opinion, this is likely to become another checklist that sits in the binder of compliance self-certifications that companies annually review and update. I don't see much that the CIO of a company that already prides itself on protecting customer information would worry about. At the same time, if you were already losing sleep over the fact that your infrastructure is shaky and insecure, that your employees are not trained in their compliance obligations, and that your security policy documents are not all up to date, maybe it is time to beat the insomnia and do something about it.
A post from the Improving It blog