Hackers are constantly looking to break into computers and steal personal information. When they steal such information, they can use it to perpetrate identity theft and subsequently pilfer large sums of money.
When personal information is stolen from a corporation’s computers, the number of people that are affected could range from dozens to millions. IT people should protect such valuable information as a matter of course. Regrettably, that is not always the case.
In March of 2010, protecting personal data became a matter of law in Massachusetts. The regulations that are now part of how the law is implemented (201 CMR 17) require that any company that possesses data that could be used in identity theft must put policies and procedures in place to protect the data.
There are many guidelines in the regulations that pertain specifically to IT. I don’t think that Massachusetts will be the last state to adopt such rules and regulations. Hopefully, IT in national companies will not have to deal with 50 different sets of state regulations. In any case, if you are an IT person in Massachusetts, you already have your “marching orders” for protecting personal information. If you live elsewhere, you might want to check out ( http://www.mass.gov/Eoca/docs/idtheft/201CMR1700reg.pdf ) to see a version of what is probably headed your way.
