In the final post of the Accufile series on Written Information Security Programs (WISP), we want to explore what happens when you do not have a WISP.
As we previously indicated, a WISP is a Written Information Security Program mandated by the Commonwealth of Massachusetts and a number of other states. If your company maintains ‘personal information’ about Massachusetts residents, then you must have certain administrative, technical, and physical safeguards. The regulation spells out exactly what information must be protected by a WISP and what organizations are required to do.
All fine and dandy, but what are the consequences of not having a WISP?
Again, you must (a) provide security and protect the confidentiality of your client’s information, (b) protect against threats to the integrity of that information, and (c) protect against unauthorized use. You are obligated to safeguard the personal information which you may hold.
Massachusetts General Law – Part I, Title XV, Chapter 93A, Section 4 identifies the penalties for non-compliance. If you fail to implement and maintain a security program, you would be in violation and subject to enforceability by the Massachusetts State Attorney General. Civil penalties under this law call for up to $5,000 per offense plus reasonable legal fees, in addition to $100 per item for improper disposal, up to a maximum of $50,000 per instance. Additionally, any data breach must be reported to the Office of Consumer Affairs and Business Regulation (OCABR) and the Attorney General.
Under this law, the Attorney General can get a court order to stop you from being in violation of the law. So, it appears that following this law would be the way to go, as it is easier to comply than not.
There are female viagra for sale other reasons like malfunctioning of the food absorption process in the body, which might be caused by Herniated disc, Spine stenosis. Can the purchase really get any simpler than this? Not many people are interested in wearing the complex devices on for several hours and it is up to the patients to continue with intercourse as long female viagra online as they want. In particular this generation grew up this pharmacy store getting viagra with him. To decrease your risk substitute your dairy milk with soy pill viagra milk or give up the use of milk completely.It is not clear if you had a breach and lost one name, would it be one violation or if you lost ten names, would it be ten violations at $5,000 each. However, it is best to stay ahead, and develop a WISP for your organization and protect the information with which you are entrusted.
Do not forget the training aspect. You may have a plethora of people working from home who all need to be trained, and, further, tasked with protecting the personal information they may have. We recommend that your WISP address work-from-home.
There are information governance professionals who do this for a living; perhaps a call to them is worthwhile.
For further reading:
Information Governance: Is Your WISP Current to Working from Home?
Related Posts
Data Breaches Are All Around Us It seems like every day we hear [...]
Can You Safeguard What You Don’t Directly Control? Navigating a work-from-anywhere (WFA) environment [...]
Information Governance Requires Defensible Destruction Part 1-Implementing Policies-The Hows and Whys Corporate workplaces [...]