Security and Responses

Written by Ed Clark, Spectrum Enterprises

Cyber-security has been in the back of people’s minds lately. It might be time to bring it closer to the front.

Massachusetts passed a law a while back regarding access to personal information. It’s 210 CMR 17.00, and it establishes minimum standards to be met in connection with the safeguarding of personal information contained in both paper and electronic records.

It requires (in part):

1) Every person that owns or licenses personal information about a resident of the Commonwealth shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to (a) the size, scope and type of business…

2) Designating one or more employees to maintain the comprehensive information security program;

3) Identifying and assessing reasonably foreseeable internal and external risks to the security, confidentiality, and/or integrity of any electronic, paper or other records containing personal information, 

Without going into greater detail, it also requires you to take reasonable steps to ensure compliance with the law, including such things as training staff on appropriate security measures, imposing penalties for failing to maintain security, and requiring third-party vendors to ensure compliance for any information you give to them.

To break the law you would need to disclose the person’s first name or initial, their last name, and one of the following: 

Social Security number,

Driver’s license number or state ID number,

A financial account number or credit card number

You should know that Spectrum doesn’t need access to ANY of the information covered under the law. Yet we are still presented with it regularly. Just give us the last four digits and that is usually sufficient for us to complete our work.

It is up to you and your staff to ensure compliance with the law. When we are monitoring your property for LIHTC compliance, please remember that Spectrum is not a service provider as described under the law. We are contracted with the State of Massachusetts, not with any particular owner or management agent.

It may be time for you and your staff to review the law’s requirements, and to ensure you are complying with them.
