IT Compliance Advisor

Mar 13 2009   8:54PM GMT

Coming: State privacy laws run amok



Posted by: Scot Petersen
Tags:
compliance
conference
data protection
encryption
governance
MA data protection law
regulatory compliance
risk management

As business owners are preparing for the new Massachusetts data protection law, also known as 201 CMR 17: Standards for The Protection of Personal Information of Residents of the Commonwealth, due next year, a potential quagmire is building.

Speaking at the TechTarget Compliance Decisions Summit March 12, Laurence Anker, engagement manager, technology risk management for Jefferson Wells International, said the coming influx of state privacy laws will create “a mess.”

Only about half of the states have laws governing personally identifiable information, but several more, including Massachusetts, are crafting tough laws that will put new burdens on businesses, especially SMBs, and businesses outside of the state that employ Massachusetts residents.

These laws will cover areas such as secure storage of data, encryption of data and access controls, as well as require businesses to create written, comprehensive security and privacy policies for personal data.

Such tasks are formidable, but not impossible, but multiply the Massachusetts law by 50 and it’s easy to see how difficult it will become for some businesses to make sure they are in compliance with every state’s privacy law.

Anker said that he does not foresee new state laws as they come on the books to be in direct conflict with one another. Rather, business entities will have to make decisions on how to manage compliance with state privacy laws with different degrees of requirements. Most likely businesses with a widespread employee base will standardize and comply with the state with the toughest privacy policy.

Or, Anker said, there could be a day when state privacy regulators will join an organization similar to the National Association of Insurance Commissioners, which will seek to normalize the state privacy laws and help the states enforce them.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: