July 30, 2009
Already reeling from a lack of consumer confidence following the financial crisis, banks continue to face scrutiny over protecting customer data, and regulators are turning up the pressure. The new Massachusetts Data Security Regulations, which take effect in early 2010, could create serious challenges for financial services companies that handle the personal data of Massachusetts residents -- even if they do not have an office in the Bay State. The regulations go beyond the rules of other states and the federal government, requiring companies that handle the personal data of any Massachusetts residents to demonstrate that they have in place comprehensive, written information security programs with security procedures for handling consumers' personal data. What kinds of technology and processes are required for compliance, and are banks' security and privacy policies and systems up to the challenge?