Even a wisp of data collected by hackers, thieves, or other nefarious cyber-criminals as a result of a breach may leave you open to a lawsuit. To protect your company, it is important to have security measures in place to safeguard sensitive data. While not legally required in all 50 states, a written information security program (WISP) can help your company protect its data, and, if necessary, react to a breach. Essential elements of a WISP include laying out procedures for your company to store and transfer sensitive data and assigning an employee to maintain and implement these security procedures.
Be aware that Massachusetts currently has a law on the books requiring businesses that own or license personal information to develop a WISP. For help putting together a WISP that complies with the Massachusetts law, follow this link.