Application Security, Inc., a provider of database security, risk and compliance solutions for the enterprise, has announced an update for its products, AppDetectivePro for auditors and IT advisors, and DbProtect for the enterprise, in response to the Massachusetts Data Privacy Law 201 CMR 17 effective March 1, 2010.
According to AppSec, this law impacts nearly every enterprise organization in the United States and all businesses in Massachusetts that store Massachusetts residents' personal information (PI). All PI data that belongs to Massachusetts residents must be protected at rest and in transit. PI data includes, but is not limited to driver's license numbers, Social Security numbers, financial account numbers, and credit/debit card numbers.
"It is pretty broad-reaching," Josh Shaul, vice president of product management for AppSec, tells 5 Minute Briefing. "When we look at other laws out there like Sarbanes-Oxley, Gramm-Leach-Bliley, HIPAA, California Senate Bill 1386, and all the other breach notification acts, none of them actually and goes through gives you a checklist of requirements that you need to meet and that is what makes Mass 201 so different," says Shaul.
Now, he explains, it is not a matter of a company doing what it wants and justifying that it is right for its needs. "Now they have laid down a bare minimum set of requirements that you must meet and then they have also required organizations to create a written information security plan that documents all the security controls around personal information," says Shaul. "If they come knocking on the door and ask to see your list, you need to be able to produce that, or you are in violation of the bill."
AppSec has developed a policy available via free download that will help customers ensure they are in compliance with new Massachusetts state regulations affecting all organizations that own, store, license, process, transmit, receive or handle Massachusetts residents' personal information. The downloadable policy will allow automated assessment of the database and includes a MA 201 CMR 17 compliance checklist, complete with detailed guidance on how to configure specific settings within Oracle and MySQL, as well as Microsoft SQL Server, IBM DB2, Sybase, and Lotus Notes/Domino to ensure compliance with the law.
For a detailed list of Massachusetts Data Privacy Law 201 CMR 17 requirements, visit AppSec's website.