Search
  • Jeremy Bombard

WRITTEN INFORMATION SECURITY PROGRAM (“WISP”)

Many of you saw the email that went out regarding the Written Information Security Program (“WISP”) project. I am working in collaboration with Brian Kilcoyne of H & K Insurance and David Levenson of Creative Computer Consulting to provide a comprehensive plan to protect your company with its data security.


Massachusetts data security regulations (201 CMR 17.00) require all businesses that deal with paper and electronic personal information to implement a WISP to safeguard that information. Not only must you have the plan in place, but it must also be reviewed annually (or whenever there is a change in business conditions). The Massachusetts Office of Consumer Affairs and Business Regulations has a compliance checklist that sets out some requirements.


Failure to comply with 201 CMR 17.00 leads to fines and penalties, plus private litigation involving your business. The Attorney General can seek action against your company under the Massachusetts Consumer Protection Law (Chapter 93A). If a court finds you knew, or should have known that the company’s actions constituted a violation, it can impose a fine of up to $5,000, plus costs and attorney’s fees for each breach.


If your company has no WISP in place, or you have updated it recently, now is the time to contact my team and me. Not only is it a good idea, but it’s also the law.

14 views0 comments

Recent Posts

See All

Last month, I wrote about the key people you need to assist your small business. After sending out the post, I heard feedback about other key people that are beneficial. Here are some of those addit

Many small businesses outsource their key departments. It only makes sense if you do not need a full-time person. Hire a company to manage a specific role, let them work when needed, and reduce over

When parties enter a contract, there must be a mutual agreement on the terms. Essentially this is Contract 101; there must be a benefit of the bargain. Often, one party is contributing money, and th