A WISP is a Written Information Security Plan. The State of Massachusetts is requiring every business that owns or licenses the Personal Information (more on the definitions below) of Massachusetts residents to have such a plan.
I know what you’re thinking. Dagnabbit, I’m in Texas. I don’t need to follow some crazy law passed by a bunch of yella-belly East Coast lib’rls. (We don’t really talk like this. A lot of people think like this sometimes, but we don’t talk like this).
My reaction was initially the same. This law applies to credit card processors and e-commerce sites in Boston. Then, I read the definitions. Unfortunately, if you are doing business online, or helping others do business online, you probably do business with a Massachusetts consumer and should consider developing your own WISP.
Background on the law
Massachusetts passed the law in 2007, Chapter 93H, that applies to “any person that owns or licenses personal information about a resident” of Massachusetts.
To see if you need to read more, you need to know if you “own or license” “personal information.”
Personal Information is defined as a consumer’s first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) driver’s license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account.
Please see full alert below for more information.
Firefox recommends the PDF Plugin for Mac OS X for viewing PDF documents in your browser.
We can also show you Legal Updates using the Google Viewer; however, you will need to be logged into Google Docs to view them.
Please choose one of the above to proceed!
LOADING PDF: If there are any problems, click here to download the file.