Comments for Peritus Security

Comment on Good news! by Jason Lee II

Jason Lee II — Tue, 02 Dec 2008 19:10:00 +0000

I can't believe MA has to inact another law to make sure business out there protect my information.

I say we let the free market take care if it, if a business doesn't secure my personal information and it gets stolen, they should be sued and put out of business, case closed. But then again, that just puts more money in the hands of the lawyers.

So, let's be proactive instead of reactive people, hire a reputable IT firm to help you protect your data, spend the money where it counts.

Comment on New MA Security Law – MGL 93H by Ashwood

Ashwood — Mon, 01 Dec 2008 14:04:00 +0000

Its great idea for the Commonwealth to set out some rules and regulations that will help protect my identity at the workplace and at home. Also with it protecting my information with businesses that i buy stuff with i feel safer when purchasing computer equipment offline. Overall this will be a great move for the commonwealth.

Comment on New MA Security Law – MGL 93H by Sarge

Sarge — Wed, 26 Nov 2008 22:44:00 +0000

Its nice to finally see us get something out of Massachusetts for a change.I personaaly think this new regulation 201 CMR 17.00 is good for us. When ot comes to personal information, we need to be protected.It will also be good for the economy, because it willproduce new jobs. They are going to need people to monitor the progrees. And maybe now that the penalties are getting stricker and expensive, people will think twice about stealing personal information.

Comment on New MA Security Law – MGL 93H by Dan

Dan — Wed, 26 Nov 2008 22:31:00 +0000

I believe that this new “MGL 93H” law will lead us only into more security laws in the future.Which is a good thing because we need to be protected like this. I feel more secure with this law passing. Every important data or information needs to be protected and this will only help be more secure.

Comment on New MA Security Law – MGL 93H by Leonette

Leonette — Wed, 26 Nov 2008 17:55:00 +0000

I am a firm believer of the 201 CMR 17. Yes, it may be quite extreme, tedious, and far reaching, but I think that every business should do what ever it takes or what ever is required to ensure that everyone’s personal data remains personal. I also believe, that more businesses would take it more seriously, now that the government is getting involved and issuing heavy consequences if the requirements are not regularly met. Honestly, the only impact I see on businesses is probably more work, and more money going towards ongoing training programs. This can become quite stressful and frustrating but at the same time, every client/consumer should be 100% protected against identiy theft, or any other confidetnial records. 201 CMR 17 can also be something positive for businesses; consumers/ clients/ patients, can feel more secure with your business. In fact, they may trust your business so much to the point that it builds a Business to Consumer relationship that in return would keep the client/consumer coming back to continue doing business with you. With all the news of increasing numbers of identity theft, security breaches and so on, 201 CMR 17 is exactly what the consumer needs to lift that burden, worry, and stress of their private information becoming public or availbale to another.

Comment on New MA Security Law – MGL 93H by chad

chad — Wed, 26 Nov 2008 17:31:00 +0000

I also think that its a good idea. It will protect all of us and don’t really think many people will think any bad of it. We need to protect ourselves from stuff like this happening again in the future, so I support this idea.

Comment on Good news! by KeepingARecord

KeepingARecord — Wed, 26 Nov 2008 17:24:00 +0000

I support the MGL 93H as it seems to be in the best interests of everyone but cyber criminals. Companies may take a brief financial hit in order to comply, but the possible alternative consequences would be far more harmful to any business, as well as anyone associated with that business whose information may be leaked. I’d also like to point out (as someone else mentioned) that the increased security requirements will nearly force a rise in job creation, which is definitely a plus for both IT professionals and the economy as a whole.

-Jenn

Comment on New MA Security Law – MGL 93H by collins

collins — Wed, 26 Nov 2008 16:17:00 +0000

I think this new law protects me as a resident of the Commonwealth in the sense that my transactions with the state, whether it be tax information or bills, will be protected while going through necessary processes. This builds a sense of confidentiality in any organization, operation, or community.

Comment on Good news! by Me&Mine

Me&Mine — Wed, 26 Nov 2008 15:13:00 +0000

This MGL 93H, in my opinion at least, is a good way to keep what little bit of privacy we do have left intact. I think that we all understand that if you are using the Internet for any reason you are “putting yourself out there” for the World to see. But in putting yourself “out there”, this does not mean that I want my junk mail box full of “crap” from Viagra or Nissan because I wanted to look at the new Skylines which are due to be released in the U.S. soon. In addition, the amount of credit card offers is out of control, and to add to that, the junk mail that is telling me that there is a problem with my “PayPal” account–”PayPal” being a service that I have never used. In this case, it is obvious that my information and browsing habits/history were indeed recorded and then sent on to a third-party company…no real shock.
From the business end of it, we will have to wait and see what really happens in regards to how closely the regulations are followed, and more important, who is enforcing them. The whole T.J. Maxx thing was a simple security breach, actually an accident. But what about the recent story of a Military laptop being “stolen” (I personally don’t believe that) which had the records of something like 10,000 plus servicemen/women on it. Will the new MA GL 93H actually prevent this from happening? I think not, at least not to the extent they believe it will. Yes, there will be consequences and retribution for breaches of the law, but I see it as mostly “after the fact”. Is every company going install x-ray machines, check what is on every laptop coming or going, and monitor EVERY piece of data coming or going from a business? Again, doubtful. The MGL 93H will without a doubt be a great asset to the security of companies, the personal information they possess and what they do with that info. In reality, without installing keystroke loggers and someone to monitor them, along with full body cavity searches, our personal information will never be 100% safe. Remember: whatever security measure(s) are put in place, almost instantly someone will find a way around them. There is ALWAYS someone just a little smarter, faster, and better. As long as data is travelling through wires or over the air, it will never be 100% safe.–Justin S.

Comment on Good news! by Joe Chapin

Joe Chapin — Wed, 26 Nov 2008 04:17:00 +0000

I believe that most companies out there are legit and have no notion of using or losing my information or doing anything else that would cause them or me harm. I also believe some companies simply hold my information and use it for whatever purpose, good or not so good: e.g. - send me more junk mail, or, someone simply sells my latest information to the highest bidder that harbors future junk mail, to me. What if there is an even worse spin-off? Like someone in a company using my information for identity theft? Can I stop it? Nope. Will it ruin my life? Yep, darn good chance it can, but with FACTA in place, not as bad.
Now, where MGL 93H will kick-in is great news for me. Some company can't just take my information and stick their head in the sand and hope all will be OK, like they are now. Plus have the nerve to tell me to do same. With MGL 93H (and 93I) they actually have to MAKE IT OK or they are liable. I think the sad part is that they have to be forced to do so. I'm kind of fond of the old fashioned idea that companies give a hoot about me and that they would gladly take the appropriate steps to prove it. You
know, like spend extra money on computer security and training, without the force of a swift boot in the pants from Uncle Sam. But these days the kick in the rump approach seems to work fine also. Of course some companies still whine, so they all get five more months to get their acts together.
Kind of like HIPAA seemed great in 2003. Then I find out that HIPAA only protects medical records maintained by the insurance companies, and then only in electronic form, even then, only if ... (it gets depressing). Of course just about everybody’s medical files includes much more (different, like financial) information, right? Right of course. Still, HIPAA is better than nothing.
My point is, this soon-to-be-enacted MGL 93H (and 93I) helps address the accidental loopholes of past attempts to ensure that your information is truly held privately intact and actually makes companies more accountable for screw-ups, breakdowns, and breaches that results in the misdirection, loss or theft of my information. They now have until May 2009 to get with the program. I know I know, not all companies are trained in computer and data information security. They are mostly trained at making money, which is usually much easier and simpler.
Speaking of money, any company really needs to invest more to become compliant by May 2009. You know, real firewalls, dedicated servers and such, (if an online business) plus totally awake employees using passwords and not just have a summer of '69 thing going on in the IT department. A real backup plan; including a fast responding, workable DRP. In other words any company can claim to have a
wonderful DRP, but is it a real, workable plan? Yes, they will have to get people hired that are experts in this very field to ensure all is on the up-and-up. What we need is for companies to start being “for real” securely, as in; the customer trusts us so let’s convince him/her to believe that. I think people deserve to know HOW and HOW OFTEN their information is being secured. Of course we already know WHY.

This means there should be increased job openings for people in the IT/Information Security field. What will I do? I will stay in college and pay attention!

Just a few related thoughts from Joe Chapin