Processing Your Payment

Please do not leave this page until complete. This can take a few moments.

April 27, 2009

Data Security Regs Are Smart Policy

A batch of new state regulations that go into effect Jan. 1, 2010 has some businesses complaining about unnecessary bureaucracy and the unfair burden it will foist upon them.

The regulations require that personal information — names in combination with social security numbers, bank account numbers or credit card numbers — be encrypted when stored on portable devices, transmitted wirelessly or on public networks. The rules apply for customer as well as employee data.

While this may seem like a real pain in the bottom line for some businesses, one need only look to Framingham to see why the state considers these measures necessary. It was only a couple of years ago that TJX Cos. admitted to the theft of massive amounts of private customer data from the computer systems used by its retail stores.

It was a huge mess; 94 million customer credit cards were exposed over a 17-month period. The company was sued by banks and credit card companies from all over the United States. The debacle cost TJX more than $250 million and enough public embarrassment to last the discount retailer a lifetime. While TJX was the largest local example of confidential customer information leaking out, it was hardly the only breach — there have been many the last few years.

The enforcement of the law has already been delayed more than six months in deference to business lobbying efforts, so every business has had and will have ample time to prepare.

We must not forget that where there is challenge, there is opportunity. Small businesses will not have to cope with these regulations alone.

Waltham-based Liquid Machines, in partnership with Mansfield-based HR Knowledge, announced plans to expand its marketing of data loss prevention software from just Fortune 500 companies to also serve small- and medium-sized businesses.

We’re sure other software companies around the state will offer similar services. As long as those services are made affordable, compliance with the new regulations could be as easy as signing up.

With these new regulations, Massachusetts has made itself a leader in the protection of personal data. Only Connecticut and Nevada have enacted similarly comprehensive regulations but other states, including Washington and Michigan are considering them.

And businesses, especially retailers, should recognize that they can make a selling point out of the high-level of security with which their customers’ private information is protected.

Sign up for Enews

WBJ Web Partners

0 Comments

Order a PDF