MA Privacy Protection Compliance

New Massachusetts regulations (201 CMR 17.00: M.G.L. c. 93H), originally effective January 1, 2009, and delayed until March 1, 2010, mandate the development of a "comprehensive, written information security program" (WISP) to safeguard the personal information of Massachusetts employees, residents and consumers.

 These new regulations represent a new phase in efforts by states to combat identity theft. While these regulations apply only to organizations with Massachusetts employees, even organizations without a Massachusetts presence should consider implementing a similar program. Although several states currently have their own statutes regarding personal information protection, the MA regulations likely will be a model for other jurisdictions and could become the standard against which all information security programs are measured.

 CheckWriters Payroll has always employed a series of security controls to protect the personal information of Clients. These controls are regularly tested as part of our SAS70 Type II audit. We have also developed a Comprehensive Written Information Security Policy that specifically addresses our obligations under MA 201 CMR 17.00.

 The MA regulations require that organizations (our Clients), obtain a written certification from each vendor that receives personal information of a Massachusetts resident. The certification should be a stand-alone document and must state that the vendor (CheckWriters) has a written, comprehensive information security program in compliance with MA "Standards for the Protection of Personal Information of Residents of the Commonwealth."

 As a convenience to you, and to ensure your compliance with the provisions of MA 201 CMR 17.00, please click on the link below to download our THIRD PARTY PERSONAL INFORMATION PROTECTION AGREEMENT. You should apply your legal Company name where applicable, sign and date the document. This agreement should be attached to your written information security plan.

Click here to access CheckWriters Payroll THIRD PARTY PERSONAL INFORMATION PROTECTION AGREEMENT

Go back