Written Information Security Program Policies
Massachusetts privacy laws require every organization that maintains “personal information” about residents of Massachusetts to implement a comprehensive Written Information Security Program or “WISP” policy that includes safeguards appropriate to the size and type of business of the organization, the amount of resources available, and the amount and character of stored information.
“Personal information” is defined as a Massachusetts resident’s first name and last name or first initial and last name, in combination with any one or more of the following data elements that relate to the resident:
- Social Security number.
- Driver’s license number or state-issued identification card number.
- Financial account number or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account.
Contact Ellen Lubell to discuss the information security needs of your organization and to develop a compliant WISP policy.
“Ellen Lubell is a responsive, flexible and reliable professional who has provided meaningful legal assistance to The Second Step in a variety of situations. We rely on her good counsel, and appreciate her no nonsense approach to the most difficult problems.”
Roberta Rosenberg, Former Executive Director, The Second Step