Search
  • Jeremy Bombard

WRITTEN INFORMATION SECURITY PROGRAM (“WISP”)

Many of you saw the email that went out regarding the Written Information Security Program (“WISP”) project. I am working in collaboration with Brian Kilcoyne of H & K Insurance and David Levenson of Creative Computer Consulting to provide a comprehensive plan to protect your company with its data security.


Massachusetts data security regulations (201 CMR 17.00) require all businesses that deal with paper and electronic personal information to implement a WISP to safeguard that information. Not only must you have the plan in place, but it must also be reviewed annually (or whenever there is a change in business conditions). The Massachusetts Office of Consumer Affairs and Business Regulations has a compliance checklist that sets out some requirements.


Failure to comply with 201 CMR 17.00 leads to fines and penalties, plus private litigation involving your business. The Attorney General can seek action against your company under the Massachusetts Consumer Protection Law (Chapter 93A). If a court finds you knew, or should have known that the company’s actions constituted a violation, it can impose a fine of up to $5,000, plus costs and attorney’s fees for each breach.


If your company has no WISP in place, or you have updated it recently, now is the time to contact my team and me. Not only is it a good idea, but it’s also the law.

8 views0 comments

Recent Posts

See All

SMALL BUSINESS WORKSHOP

On April 12, 2021, Framingham’s Planning and Community Development Office is hosting a small business workshop. I, along with others, will be discussing how we can assist your business. My focus will

SUCCESSION PLANNING 2.0

Last June, I wrote that every business owner must have a succession plan. A business owner must have a plan in place to keep the business running. Not ‘should,’ not ‘think about having one,’ but must.

Terms & Conditions – UPDATED

Back in April 2019, I wrote a blog on Terms and Conditions. I wrote, “Your terms and conditions set out your policies, how you deal with private information, warranty information, liability, and anyth

DISCLAIMER: This website is only for general information and not legal advice.  You should not rely on any content.  Each legal situation is different, and its outcome varies based on some factors. This website is not a solicitation, especially in jurisdictions where Attorney Bombard is not licensed to practice.  Do not send any information until an attorney-client agreement is executed.  Contacting Bombard Law creates no attorney-client relationship.