Search
  • Jeremy Bombard

WRITTEN INFORMATION SECURITY PROGRAM (“WISP”)

Many of you saw the email that went out regarding the Written Information Security Program (“WISP”) project. I am working in collaboration with Brian Kilcoyne of H & K Insurance and David Levenson of Creative Computer Consulting to provide a comprehensive plan to protect your company with its data security.


Massachusetts data security regulations (201 CMR 17.00) require all businesses that deal with paper and electronic personal information to implement a WISP to safeguard that information. Not only must you have the plan in place, but it must also be reviewed annually (or whenever there is a change in business conditions). The Massachusetts Office of Consumer Affairs and Business Regulations has a compliance checklist that sets out some requirements.


Failure to comply with 201 CMR 17.00 leads to fines and penalties, plus private litigation involving your business. The Attorney General can seek action against your company under the Massachusetts Consumer Protection Law (Chapter 93A). If a court finds you knew, or should have known that the company’s actions constituted a violation, it can impose a fine of up to $5,000, plus costs and attorney’s fees for each breach.


If your company has no WISP in place, or you have updated it recently, now is the time to contact my team and me. Not only is it a good idea, but it’s also the law.

7 views

Recent Posts

See All

Always Get That Debt in Writing.

If you have ever taken out a loan, you know the paperwork involved. If it is a mortgage, there is even more paperwork. All that paperwork is to ensure that if you fail to pay back the borrowed money,

Simplicity is Key

With contracts, agreements, and all legal documents, simplicity is vital. People tend to overcomplicate documents because they believe the more words, the better. I think that some lawyers get paid by

SUCCESSION PLANNING

Every business owner should have a succession plan in place. Especially with the recent COVID-19 pandemic, the business owner should rethink how they would handle an end-of-business situation (e.g., y

DISCLAIMER: This website is only for general information and not legal advice.  You should not rely on any content.  Each legal situation is different, and its outcome varies based on some factors. This website is not a solicitation, especially in jurisdictions where Attorney Bombard is not licensed to practice.  Do not send any information until an attorney-client agreement is executed.  Contacting Bombard Law creates no attorney-client relationship.