Below is Kathleen Zortman's response to my question as to whether VA, MD or DC have laws similar to that which recently went into effect in Massachusetts. Read on!
Thanks,
Jimmy
What does Jimmy do all day? Follow him: www.brocknorton.com/followjimmy
From: Kathleen Zortman, Professional Risk Solutions
As promised, I spoke with our attorneys re: any law or legislation in DC, MD or VA (or other states) that is similar to the new Massachusetts Privacy Legislation. Our quick research indicates the following:
· Virginia, Maryland and District of Columbia have enacted breach notification laws—which require notification to consumers of security breaches involving personal information (e.g. name, ss#, driver’s license #, credit card #, etc.). In fact, they are part of the approx. 45 states that have done so (see PDF list attached). However, according to a March 1, 2010 article by The Compliance Authority, Inc., it appears that only Massachusetts and California have called for access control—i.e. the monitoring operations and encryption of data requirements as set forth in Massachusetts law (20 CMR 17.00).
· Other articles suggest that the Massachusetts law (20 CMR 17.00.) is breaking new ground in data protection requirements, just as the California state data breach notification law <http://www.bankinfosecurity.com/html/rr_ca_bill_1386.html> that was passed in 2003 did for state data breach notification laws. It appears that the Massachusetts government didn't believe that data breach notification alone was sufficient to protect its citizens especially in the midst of the current climate of consumer protectionism. The effect of the Massachusetts law has already been seen though, as other states (such as Michigan) are looking at passing similar tough data protection requirements for their state residents' personal information.
It appears that this is a burgeoning area of the law. Therefore, we will continue to monitor the situation and let you know of any meaningful changes. I hope this information is helpful. Please let me know if you have any further questions.
Regards,
Kathleen
Kathleen O. Zortman
President
Professional Risk Solutions
285 Davidson Ave, Suite 101
Somerset, NJ 08873
p. 732.764.1000 x17
m. 908.230.5731
e. kathleen@prsbrokers.com
Wednesday, March 24, 2010
Mass Privacy Legislation: Other States too?
Thursday, March 18, 2010
Does Your Company Have a Cell Phone Policy?
Essentially, if businesses don't address it, then they can be accused of condoning irresponsible driving behavior resulting in loss to life or limb.
The first step is to institute a written Fleet Safety policy that addresses cell phone use while driving.
Does your company have a policy? What does it include? How is the policy enforced?
New Privacy Legislation For Companies with Clients in Massachusetts
Liability from exposure of private information is NOT covered by a General Liability policy. Specialized coverage must be secured through a Cyber Liability policy - or possibly endorsed onto an Errors & Omissions (E&O) or Directors & Officers (D&O) policy.
Thanks to the specialists at Professional Risk Solutions (http://www.prsbrokers.com/) for sending this information out to agents.
More states might follow suit in the future.
New Massachusetts ‘Personal Information and Privacy’ Law: 201 CMR 17.00
Effective March 1, 2010
This affects:
Any company who maintains private, personal or confidential information on residents of
Our recommendation:
For any company that maintains records on residents of Massachusetts, we urge you to review:
· data security procedures and practices to make sure they comply with the new law
· the
· insurance coverages and limits, including Cyber Liability and D&O
What the law says
Starting March 1, the new law requires that any company that holds personal information on Massachusetts residents, must abide by certain standards and practices to protect and store that information, and prevent it from ‘leaking out’ or being exposed to unauthorized persons.
The law apparently applies independently of other data security regulations. So even if a company complies with HIPAA regulations, for example, the new Massachusetts requirements still apply.
It doesn’t matter whether the company or organization is based in Massachusetts or not -- only that they hold personal or private information on residents of Massachusetts.
What’s the insurance and liability issue?
If a company failed to follow these established standards and security practices -- and customer records were ever exposed, whether maliciously or accidentally -- the company could possibly be liable for action by the Massachusetts Attorney General. Or, consumers whose records or information were compromised could sue for damages. Having a stringent law ‘on the books’ about safeguards could conceivably strengthen their cases.
Kathleen O. Zortman
President
Professional Risk Solutions
Monday, March 1, 2010
My Value Proposition
there. Of course, I think I'm great, but potential clients don't know
me from agent Adam.
I will start with a good Value Proposition. People will listen if they
perceive that the conversation will benefit them. Here's what I have so
far:
Commercial Insurance
I will simplify it.
I will explain it.
I will tell you how to improve it.
I will work to save you money on it.
If I can't accomplish those goals, then I'll tell you about it.
Does that make sense to you?