Massachusetts Attorney General says you must practice what you preach

International Lawyers Network
Contact

Having a WISP is not enough to comply with data security standards

In the first public settlement of its kind related to violations of the new Massachusetts Standards for the Protection of Personal Information of Residents of the Commonwealth, 201 C.M.R. 17.00, Belmont Savings Bank has entered into a settlement with the Massachusetts Attorney General following a data breach in which an unencrypted backup tape containing the names, Social Security numbers, and account numbers of more than 13,000 Massachusetts residents was lost after a Belmont employee failed to follow the bank’s own Written Information Security Program (“WISP”).

In May 2011, a Belmont employee left an unencrypted backup tape on a desk rather than storing it in a vault for the night, which was then inadvertently thrown away by the evening cleaning crew. Although Belmont had a WISP, which met the new Massachusetts data security standards, Belmont failed to comply with the WISP in practice. Specifically, Belmont failed to encrypt portable devices, such as the backup tape, which contained personal information.

Please see full article below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Written by:

International Lawyers Network
Contact
more
less

International Lawyers Network on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.