Standards for the protection of personal
information of residents of the Commonwealth of Massachusetts 201 CMR 17.03(2)
Regulatory Text
Without limiting the generality of the foregoing, every comprehensive information security program shall include, but shall not be limited to:
(b) Identifying and assessing reasonably foreseeable internal and external risks to the security, confidentiality, and/or integrity of any electronic, paper or other records containing personal information, and evaluating and improving, where necessary, the effectiveness of the current safeguards for limiting such risks
Organizations that own or license personal information of Massachusetts residents must protect its security, integrity, and confidentiality.
How Can We Help?
Theta Lake's Compliance Solutions
Since organizations must protect the security, integrity, and confidentiality of personal information of Massachusetts residents, implementing oversight to understand how such information is shared, shown, or spoken is essential.
Theta Lake facilitates compliance with the MA Data Security Regulation by enabling the identification of private information like Social Security Numbers, birthdates, credit card numbers, email addresses, and National ID numbers in what was shown, shared or said during a collaboration interaction. Following identification, potential disclosures of private information are surfaced in the review queue allowing compliance and risk teams to investigate and remediate issues.
Theta Lake’s Safety COVER feature provides comprehensive reporting and management of enterprise collaboration security settings. Organizations can ensure that collaboration settings to prevent Zoombombing and unauthorized access like passwords, waiting rooms, and encryption are enabled, and remain active, across all deployments. Additionally, Theta Lake’s platform can redact private information in video, audio, and text to ensure that it does not proliferate during the review process. Theta Lake adds a layer of security and control to existing communication processes to enable compliance with MA Data Security Regulation mandates.