Home
Topics
Security Audit, Compliance and Standards
Data Privacy and Protection
What you need to do for MA 201 CMR 17 compliance

What you need to do for MA 201 CMR 17 compliance

Date: Jan 04, 2011

MA 201 CMR 17 requires a lot of enterprises that hold sensitive personal data, but there are provisions for compensating controls based on "feasibility," or, whether an organization has the resources available to comply.

In this video, expert Richard Mackey outlines the steps that every organization must take for MA 201 CMR 17 compliance, detailing which requirements apply to all, and which are more malleable.

Topics include:

Background (1:49)

Specific requirements (3:23)

How to decide which controls to implement (12:15)

Feasibility (21:43)

Risk management (26:33)

Training and awareness (34:21)

Encryption (36:47)

Summary (37:54)

About the author:
Richard Mackey is Vice President of SystemExperts Corp.

More on Data Privacy and Protection

PCI tokenization: Credit card security policy guidance
VIDEO - Experts Diana Kelley and Ed Moyle discuss the PCI guidelines on tokenization, and how the technology could aid your enterprise.
RSA 2011 preview: Compliance
VIDEO - In this RSA Conference 2011 preview video, SearchSecurity.com News Director Robert Westervelt moderates a discussion on a wide variety of compliance issues. Speakers include SearchSecurity.com Senior Site Editor Eric Parizo, and Research Director Josh Corman of The 451 Group.
Q&A: Forrester's Chenxi Wang discusses cloud compliance
VIDEO - Forrester's Chenxi Wang discusses cloud compliance and the issues involved with maintaining compliance with PCI, SOX and HIPAA and using cloud-based services.
A bold view on prioritizing computer security laws
News - The number of computer security laws in the U.S. can be daunting. One bold lawyer suggests a way to prioritize the laws and avoid most legal battles.
( May 24, 2012 | Security Bytes blog )
How regulation should -- and shouldn't -- influence cybersecurity policy
Tip - Recent breaches display the importance of cybersecurity policy, and regulations provide a decent data protection roadmap. But compliance does not automatically equal security.
Should the new Google privacy policy concern enterprises?
Tip - Google’s tentacles reach deep into most enterprises, but should enterprises worry about the new Google privacy policy? Expert Michael Cobb discusses.
EU cookie regulations: Advice for firms in the US and other countries
Answer - Expert Alan Calder responds to a reader’s question: Must companies outside the EU change their websites to comply with EU cookie regulations?
For U.S. companies, EU cookie compliance calls for website changes
Tip - With recent changes to European data privacy laws, U.S. enterprises must make website changes to meet EU cookie compliance deadlines.