Part 1 – DO I NEED A WISP AND WHAT IS A WISP? Deadline Approaching for yours


A WISP is a Written Information Security Plan.  The State of Massachusetts is requiring every business that owns or licenses the Personal Information (more on the definitions below) of Massachusetts residents to have such a plan.

I know what you’re thinking.  Dagnabbit, I’m in Texas.  I don’t need to follow some crazy law passed by a bunch of yella-belly East Coast lib’rls.  (We don’t really talk like this.  A lot of people think like this sometimes, but we don’t talk like this).

My reaction was initially the same.  This law applies to credit card processors and e-commerce sites in Boston.  Then, I read the definitions.  Unfortunately, if you are doing business online, or helping others do business online, you probably do business with a Massachusetts consumer and should consider developing your own WISP.

Background on the law

Massachusetts passed the law in 2007, Chapter 93H, that applies to “any person that owns or licenses personal information about a resident” of Massachusetts.

To see if you need to read more, you need to know if you “own or license” “personal information.” 

Personal Information is defined as a consumer’s first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident:  (a) Social Security number; (b) driver’s license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Gray Reed & McGraw, P.C. | Attorney Advertising

Written by:


Gray Reed & McGraw, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.