For the past few years, any company with customers in Massachusetts has had to follow that state’s information security laws regarding confidential customer information, data in motion, data encryption and more — regardless of where the company is based. Starting March 1, however, a new law will require any third parties with confidential customer data to comply with the information security rules, too.
In other words, if you have customers in Massachusetts, you’d better be certain all of your third-party vendors — including offsite storage, outsourced operations, statement vendors, backup data, etc. — understand these regulatory compliance requirements. Whether you’re offshoring processes or outsourcing services, you and your organization could be legally liable for any potential information security breaches if you do not certify your vendors’ regulatory compliance.
As a third-party vendor, Oyster Consulting fully meets the Massachusetts standards, and we are working to help our clients ensure that their other relationships understand and abide by the information security laws, as well. If you’re unsure whether you and your vendors are in compliance, or you have questions on what they need to certify, don’t hesitate to call me at 804.965.5403. I may not always be by my phone, but I will always call you back.

