DID YOU KNOW? January 28, 2014 is "Data Privacy Day"
January 27, 2014
To our Clients and Friends …
Data Privacy Day, held annually on January 28th, is a day that encourages everyone to make privacy and data protection a priority.
With the flood of serious breach incidents in the past two months involving Target, Neiman Marcus, Briar Group Restaurant Chain, St. Francis Hospital in Hartford, CT and the Connecticut Department of Labor, among many others, all New England businesses need to take a fresh look at how they protect personal information and other confidential information. Remember, personal information is defined as an individual’s name plus a social security, bank, credit/debit card and/or driver’s license number.
As Chair of Murtha’s Information Security and Privacy Group, my goal is to encourage and assist you in developing, maintaining, and updating a robust written information security plan (“WISP”) to protect you and your company. A WISP is legally required for all businesses holding personal information on Massachusetts residents, and for health care providers, financial institutions and companies that provide professional services to health care providers. Even if a WISP is not mandatory for your business, it is a good idea to have one in order to minimize your chances of being the subject of the next data breach headline.
WISPs are straightforward and cost-effective to develop. They help each business identify the personal and confidential information it holds, identify where and how the information is stored (electronic or paper format), and review the quality of the protections that limit access to legitimate users within the business and preclude illegitimate outside access. WISPs review security and privacy-related procedures and then codify protections and improved procedures in a written plan. WISPs are typically required as a precondition for obtaining specialized data security insurance and may also help reduce your premiums.
So, in the spirit of Data Privacy Day, please make 2014 the year you resolve to get your information security procedures in order and protect your employees, customers and, most importantly, your business from the adverse effects of security breaches.
Feel free to contact me or any member of our Information Security and Privacy Group if you have questions or need assistance getting started.