Assessment Data


Legal issues in Assessment data

With identity and credit card data theft in the headlines, several states have started to move forward aggressively on new security rules regarding storage of personal information. The new laws require specific information to be encrypted or stored in a secure location. These requirements, in some instances, are stricter than federal compliance regulations. This rule goes into effect on March 1, 2010, but organizations need to address their compliance and policies in advance of this deadline. The following records containing a first and last name or first initial and last name are included in the rule:

Social Security number

A driver's license or state identification number

A financial account number or credit/debit card number (Behrooz, 2005)

The above data needs to be encrypted and protected, and access needs to be monitored. Written policies must be put into place. There must be full documentation and all staff must be trained. Organizations should be prepared to present a certificate of compliance. The penalties for noncompliance can be significant -- fines range from $5,000 to $15,000 per infraction, which can add up quickly. The new laws also increase an organization's exposure to lawsuits. This becomes quickly apparent if security is breached and information is accessed. If an audit then determines that the organization is not compliant, criminal litigation may be initiated (Akhlaghi, Behrooz, 2005). Meanwhile, other consequences of noncompliance include damage to an organization's reputation, the expenditure of the time and resources necessary to determine the cause and extent of a breach, the expense of notifying affected individuals, and the cost of implementing corrective action. As the laws go into effect early in 2010, and states are moving forward as well, now is the time to review your policies and procedures with an eye toward compliance. Here are some of the questions addressed:

If you maintain personal information electronically, can it be printed and stored?

If you need to maintain personal information electronically, do you have specific written policies and procedures in place regarding access and security?

Are your employees trained on how to handle confidential data?

Do you have proactive and defensive policies and protection to ensure your computing environment is secure? (Akhlaghi, Behrooz, 2005)

A Rule Audit is now offered, performed in conjunction with the preferred IT vendor and partner. Together we provide a comprehensive written report which will:

Educate the organization on the new Massachusetts Rule 17.03 and 17.04 requirements

Identify the organization's areas of risk and liability

Provide a specific remediation plan, including the creation of policies and how to train staff

Provide a written (required by law) IT and physical security program (ANZECC, 1992)

This audit is designed specifically to address the needs of nonprofit clients, but it can also be helpful to other organizations if they are looking at privacy issues and concerns. The audit provides organizations with a full report and an action plan very quickly, often within days.

Social issues in Assessment Data

The focus of environmental impact assessment is often on the biological and physical aspects of the ...