State Mandated Compliance Requirements - GDPR - CCPA

Compliance Management Tools

Compliance Managment

Individual state data protection laws are unique in several ways. For example, Massachusetts has extended its reach well beyond its own borders by mandating data protection for its citizens regardless of where that data resides. On the other hand, most other state laws, do not define what methods shall be used (e.g. , encryption) to protect its citizens' data. In addition, the Massachusetts law provides for large civil penalties in the case of non-compliance, and opens organizations to seemingly unlimited civil action.

Order Compliance Management Kit  Download Selected Pages

While it is not yet clear how this law will in fact be enforced, it is clear that any organization with customers in Massachusetts will be facing a tough new data protection environment. And as such, it behooves these organizations to start preparing now, to ensure not only compliance with this new law but to drive towards true data security and peace of mind.

To protect these types of sensitive data using identity management solutions, the following challenges must be addressed:

  • Define and track changes to various policies, procedures and controls related to access rights.
  • Track ongoing violations to the policies and processes related to access rights.
  • Monitor the timeliness of violation or exception detection mechanisms and the corresponding remediation activity.
  • Audit access activity for all resources hosting sensitive information.
  • Analyze unauthorized attempts to access or change sensitive information.
  • Analyze the incremental effectiveness of controls around access rights.

State Notification Laws

The graphic clearly depicts the magnitude of the current situation and the table provided by The National Conference of State Legislatures includes links to the individual states. The Security Manual Template address each of these mandate requirements.

California SB 1386 Personal Information Privacy

This regulation affects companies that do business with individuals living in California even if the ENTERPRISE is located outside of the state.

If unencrypted personal data is compromised, then ENTERPRISE must immediately disclose to the customer that a security breach has occurred.

Massachusetts Data Protection Requirements

Organizations that do business with Massachusetts residents must:

  • Control passwords to ensure they are kept in a location and/or format which will not compromise the security of the data they protect
  • Encrypt all personal information stored on lap tops or other portable devices
  • Ensure reasonably up-to-date fire wall protection and operating system security patches, designed to maintain the integrity of the personal information
  • Ensure up-to-date versions of system security agent software, which must include malware protection and up-to-date patches and virus definitions
  • Have a Written Information Security Program (WISP) and to take “reasonable steps” to ensure that any third-party / independent contractors comply with these data protection provisions. (The Janco Security Manual Temple includes a detail check list and policy template that meets these requirements)

Compliance Management Tool Kits

Janco offers a full range of tools to help enterprises of all sizes to address these issues. The Compliance Management kit provides the infrastructure tools necessary address these mandated requirements.

The Compliance Management tool kit comes in three (3) versions: Silver, Gold, and Platinum. Plus you can save over $2,000 when you order the COBIT IT Governance Kit

Compliance Management - Silver Edition

Order

Compliance Management White Paper  Secuirty Audit Program  Secuirty Audit Program  Supply Chain Audit Program  PCI Audit Program  Compliance Job Descriptions
  • Compliance Management White Paper
  • HIPAA Audit Program
  • Security Audit Program - fully editable -- Comes in MS EXCEL and PDF formats -- Meets ISO 27001, 27002, Sarbanes-Oxley, PCI-DSS and HIPAA requirements -- Over 400 unique tasks divided into 11 areas of audit focus which are the divided into 39 separate task groupings including BYOD.
  • Supply Chain ISO 28000 Audit Program -- Comes in MS EXCEL and PDF formats -- Meets ISO mandates
  • PCI Audit Program - Word and PDF
  • Compliance Management Job Descriptions (25 key positions) - Word Format - fully editable and PDF- Chief Compliance Officer (CCO), Chief Data Officer, Chief Mobility Officer, Chief Security Officer, Data Protection Officer, Director Electronic Commerce, Director IT Management and Controls, Director Sarbanes-Oxley Compliance, Manager Blockchain Architecture, Manager BYOD Support, Manager Compliance, Manager E-Commerce, Manager Enterprise Architecture, Manager Internet Systems, Manager Record Administration, Manager Transaction Processing, Manager Video and Website Content, Manager Web Content, Manager Wireless Systems, PCI-DSS Administrator, System Administrators - Linux, System Administrators - Windows, System Administrators - UNIX, Webmaster, and WiFi Network Administrator

Compliance Management - Gold Edition

Order

Compliance Management White Paper  Secuirty Audit Program  Secuirty Audit Program  Supply Chain Audit Pogram  PCI Audit Program  Compliance Job Descriptions  Record Management Policy  Privacy Compliance Policy
  • Compliance Management White Paper
  • HIPAA Audit Program
  • Security Audit Program
  • Supply Chain ISO 28000 Audit Program
  • PCI Audit Program
  • Compliance Management Job Descriptions (25 key positions)
  • Record Classification and Management Policy - Word - Policy which complies with mandated US, EU, and ISO requirements
  • Privacy Compliance Policy that address the EU's GDPR and the latest California Consumer Privacy Act

Compliance Management - Platinum Edition

Order

Compliance Management White Paper  Secuirty Audit Program  Secuirty Audit Program  Supply Chain Audit Program  PCI Audit Program  Compliance Job Descriptions  Record Management Policy  Privacy Compliance Policy  Security Manual
  • Compliance Management White Paper
  • HIPAA Audit Program
  • Security Audit Program
  • Supply Chain ISO 28000 Audit Program
  • PCI Audit Program
  • Compliance Management Job Descriptions (25 key positions)
  • Record Classification and Management
  • Privacy Compliance Policy that address the EU's GDPR and the latest California Consumer Privacy Act
  • Security Manual Template - Word - 240 plus packed pages which are usable as is. Over 3,000 companies worldwide have chosen this as the basis for their best practices to meet mandated US, EU and ISO requirements

Order Compliance Management Kit  Download Selected Pages