Attorneys
Worcester
Worcester
The Guaranty Building
370 Main Street, 12th Floor
Worcester, MA 01608
Framingham
Framingham
The Meadows
161 Worcester Road, Suite 501
Framingham, MA 01701
Boston
Boston
12 Post Office Square, 6th Floor
Boston, MA 02109
Providence
Providence
1 Richmond Square, Suite 303N
Providence, RI 02906
Cape Cod
Cape Cod
1597 Falmouth Road
Centerville, MA 02632
Hudson
Hudson
69 Main Street
Hudson, MA 01749
New Bedford
New Bedford
651 Orchard Street, Suite 107
New Bedford, MA 02744
Medfield
Medfield
Olde Medfield Square
266 Main Street, Bldg. 2, Suite 15A
Medfield, MA 02052
Practice Areas
Niche industries
Open detail
Cannabis & Breweries
Cannabis & Breweries
Open detail
Closely Held and Family-Owned Businesses
Closely Held and Family-Owned Businesses
Open detail
Condominiums
Condominiums
Open detail
Medical & Dental Practices
Medical & Dental Practices
Open detail
Private Foundations
Private Foundations
Open detail
Real Estate Developers
Real Estate Developers
Open detail
Restaurants
Restaurants
Open detail
All Industries
  • Wed. Oct. 28, 2020
  • 6:00-8:00 PM
 

Government Benefits to fund Housing for Persons with Disabilities

Take a deep dive into learning about Government Benefits that provide residential supports.

Learn More

Learn MoreClick here to Register
  • Multiple Dates

Estate Planning Webinar

Please join Fletcher Tilton Tax Attorney and Certified Elder Law Attorney Michael T. Lahti for an informative webinar. In the comfort of your own home or office, you will learn why some wills do not work, even when drafted correctly.  Details for the next upcoming date.

SHOW ALL UPCOMING DATES

Learn More
Learn More
  • Multiple Dates

How to Administer a Special Needs Trust

This annual training and update for Parents, Trustees and Successor Trustees of Special Needs Trusts and OBRA ‘93 Trusts has been reconfigured into a three-part series of evening webinars to accommodate these unusual times.  Details for the next upcoming date.

SHOW ALL UPCOMING DATES

Learn More
Learn More
Learn More
  • Tue. Nov. 17, 2020
  • 6:00-7:00 PM
 

Thrive Support & Advocacy Virtual Workshop

Fletcher Tilton attorney Theresa Varnet, M.S.W., J.D. will speak about ABLE Accounts with 1st and 3rd Party Special Needs Trusts.

Learn More

Learn More

View Past Seminars

Articles

Complying with Massachusetts' Personal Data Security Law

By Joseph T. Bartulis, Jr. on October 27, 2019

In 2010, Massachusetts passed a comprehensive data security law and related regulations which must be complied with by all businesses that maintain “personal information” of its employees, customers, or vendors, etc.

The law and its attendant regulations impose minimum standards for safeguarding personal information contained in both paper and electronic records. The law and the regulations were meant to greatly diminish the risk of one’s personal information being compromised by creating a significant onus on the possessors of such information to safeguard it. The regulations were promulgated by the Commonwealth’s Office of Consumer Affairs and Business Regulation and are contained in the Code of Massachusetts Regulations at 201 CMR 17.00.

Personal information is defined as a Massachusetts resident’s first name and last name or first initial and last name in combination with the resident’s: (a) Social Security number; or (b) driver’s license number; or (c) a financial account number or credit card number. Businesses that fail to take the necessary steps to safeguard this personal information will, if a breach occurs, be subjected to potential civil penalties of $5,000 for each violation, among other things.

KEY ELEMENTS OF THE REGULATIONS

At its core, there are two main areas that must be addressed to protect one’s organization from significant potential liability. They are: protection of the data generally (via what is referred to in the regulations as a Written Information Security Program “WISP”) and through the implementation and use of certain computer system information technology protections and practices. In this article, I will very briefly highlight the key items of the WISP document.

WRITTEN INFORMATION SECURITY PROGRAM (WISP)

Whether an organization has taken appropriate steps in its WISP to protect information shall be evaluated by taking into account: “(i) the size, scope and type of business of the person obligated to safeguard the personal information under such comprehensive information security program; (ii) the amount of resources available to such person; (iii) the amount of stored data; and (iv) the need for security and confidentiality of both consumer and employee information.”

Each WISP must address the following points: It should: 1) specifically name one or more designated individuals as the overseer of the organization’s protection of personal information; 2) identify risks & assess current safeguards; 3) contain policies regarding whether and how employees may keep, access, and transport records containing personal information off of business premises; 4) contain statements that employees will be subject to discipline measures for violations of the WISP; 5) bar access by former employees the moment they leave your organization’ employ; 6) contain a statement that the organization will take reasonable steps to verify that third-party service providers that the organization allows access to personal information (e.g. credit card processor) have the capacity to protect such personal information; 7) specify that personal information should only be retained for the minimum amount of time needed to complete the transaction for which it was provided; (8) detail the process by which the organization identifies paper, electronic and other records, including laptops and portable devices which contain personal information; 9) establish written procedures to restrict physical access to records; 10) contain language that the “designated employee” will regularly monitor the organization’s personal information practices  to confirm whether the organization is operating in a manner reasonably calculated to prevent unauthorized access to or unauthorized use of personal information; 11) contain a statement that, in addition to the regular monitoring (see #10), the organization’s designated employee will also conduct a thorough review of the WISP no less often than annually; and 12) contain a procedure to document breaches that occur and what responsive actions will be/were taken.

Your organization should make sure it has prepared a WISP which addresses each of the above items and to make sure your IT department has taken all of the requisite IT steps required under the regulations (which were not discussed in this short article but can be found in 201 CMR 17.00) as well.

Please enter your name.
Please enter your email address.
Please enter your message.

You must attach a copy of the PDF application form linked above. You may add pages to the application, but the name of the file must remain the same.

Please attach Job_Application_Form.pdf
reCAPTCHA is mandatory
Subscribe to our newsletter.
First name is required.
Email is required.
Email does not match.
Publications
reCAPTCHA is mandatory
Welcome to fletcher tilton Online Invoice Payment Center.
Card holders name is required.
Please enter invoice number.
Please enter amount to be paid.
Please enter valid card number.
CCV code is required.
/
Please select expiration date.
Please enter your street address.
Please enter your city.
Please enter your state Code.
Please enter your postal code.
Please enter your contact number.
Please enter your email address.
Welcome to fletcher tilton Online Retainer Funding Center.
Card holders name is required.
Please enter a client number.
Please enter amount to be paid.
Please enter valid card number.
CCV code is required.
/
Please select expiration date.
Please enter your street address.
Please enter your city.
Please enter your state Code.
Please enter your postal code.
Please enter your contact number.
Please enter your email address.
Welcome to fletcher tilton Online Immigration Pre-Payment Center.
Bank account type is required.
Please enter a valid name.
Please enter amount to be paid.
Please enter client number.
Bank routing number is required.
Bank routing did not match.
Bank account number is required.
Bank account number did not match.
Please enter your street address.
Please enter your city.
Please enter your state Code.
Please enter your postal code.
Please enter your contact number.
Please enter your email address.
Welcome to fletcher tilton Online PAY BY CHECK.
Bank account type is required.
Please enter a valid name.
Please enter amount to be paid.
Please enter invoice number.
Bank routing number is required.
Bank routing did not match.
Bank account number is required.
Bank account number did not match.
Please enter your street address.
Please enter your city.
Please enter your state Code.
Please enter your postal code.
Please enter your contact number.
Please enter your email address.