I recently had a meeting with some security channel professionals, and as we were reviewing trends, the group began to express some interest in the state data protection law in Massachusetts: 201 CMR 17.
That may be surprising since many of these solution providers aren’t necessarily located in Massachusetts. There was a definite sense, however, that the resellers and consultants needed to be aware of compliance regulations, that new laws may spring up in other states, and that their customers will be held accountable.
I asked Richard Mackey, vice president of consulting at SystemExperts, about the current compliance landscape:
- What kinds of laws and requirements should we expect to emerge from individual states?
- How are laws like 201 CMR 17 beginning to impact organizations that never had to worry about regulations like PCI or HIPAA?
- For channel professionals working with customers across different states, how can they position their security practices so that their clients are ready for any emerging regulations?
- What are the must-have technical and risk-based measures that appear in laws like 201 CMR 17 and will likely be used to meet other state data protection requirements?
- If organizations already have security programs that address regulations like SOX, HIPAA and PCI DSS, will customers be in good shape regarding the Massachusetts law? What changes may be needed?
Listen to the podcast below, and let me know what you think.