Getting Detailed on Privacy Protection

By Bill Zalud
August 1, 2009

The Commonwealth of Massachusetts enacted a regulation protecting state citizens’ personal information. Coming into effect in 2010, it protects personal information from unauthorized access and possible exploitation.
   
The Zalud Report asked Robert Messemer, chief security officer at The Nielsen Company, for his views.
 
“The Massachusetts regulation is one of the first we’ve seen that actually dictates the means by which companies should protect personal information, in this instance, the personal information of Massachusetts residents. It specifies exact standards for a corporate information security program and the exact minimum technical requirements for an information security policy,” Messemer said. “The regulation governs the personal information of all Massachusetts residents, irrespective of where a given company is headquartered or has a presence.


Compliance Steps

“Companies that access or store personal information, including the information of clients, employees and former employees, will need to take certain prescribed steps towards compliance. For example, companies will be required to establish written policies and procedures for how personal information is stored and transported, if those policies do not already exist. Additionally, companies will be required to use robust access and audit controls as well as minimize the number of people who enjoy access to information.”
     
The tougher Massachusetts regulations may spread. According to Messemer, “Our review of the regulatory and legislative landscape in North America has identified draft legislation in Michigan that may mirror many of the provisions in the Commonwealth of Massachusetts regulations. Personally, I believe that we can anticipate additional federal and state legislation in the near future as greater public awareness of this issue grows in our communities,” he said. “As security professionals, it is incumbent upon us to understand critically important changes in the regulatory environment and be able to convey those changes effectively to senior executives as well as the attendant risks, if any, arising from these changes.”
     
Regulatory challenges can also encourage more internal cooperation.
     
“From a chief security officer’s perspective, I believe that there is a greater opportunity for security professionals to engage other key stakeholders within their organization in order to identify and optimize risk,” Messemer added. “Please note that I didn’t say that security’s role is to simply ‘eliminate’ risk. Certain levels of risk are inherent in every business. If a CSO simply engages senior executives in an approach to merely ‘eliminate risk,’ then I believe he or she will have a relatively short and unfulfilling career. As security professionals, we should strive to more fully understand the business and our senior executive’s appetite for risk and align our risk mitigation strategies in order to optimize - not eliminate risk.”


Tooling Up

“Enterprise security tools such as firewalls, server and workstation or endpoint malware and anti-virus protection that are maintained on a current basis to effectively address new and emerging malware threats will be required. Access controls are an important component of any effective security strategy – but are now given greater importance in light of the new regulations,” pointed out Messemer.
     
CSOs need to be part of an educational effort. “Effective security policies concomitant with an effective security communications program are an absolute must under the new regulations. While most companies probably already have a security awareness program, it is important as a best practice to ensure that the security awareness program is well understood and that it supports the strategic goals of the organization.
     
“Additionally, companies should give consideration to effectively purging themselves of old data that they no longer require. Of course, appropriate care should be exercised to shred documents and make electronic media completely unreadable.”
     
There is an additional need to more carefully evaluate outsourcing.
     
Observed Messemer, “Security professionals evaluating a prospective outsourcing provider should consider the benefits associated with utilizing the services of a certified personal records provider, especially for targeted opportunities such as a certified credit card processing vendor, who will provide your organization with only the data required by your organization while minimizing the risk for any unauthorized disclosures. But also keep in mind that part of the analysis is also a careful review of how that service provider secures the information that it handles and manages on behalf of your organization.”


At a Minimum

Here is a list of minimum requirements for the information security program, according to Robert Messemer, chief security officer at The Nielsen Company. Go to the August Zalud Report at www.securitymagazine.com for more information, including minimum technical requirements for the protection of electronic records.
  • Designating one or more employees to maintain the comprehensive information security program.
  • Identifying and assessing reasonably foreseeable internal and external risks to the security, confidentiality, and/or integrity of any electronic, paper or other records containing personal information.
  • Evaluating and improving, where necessary, the effectiveness of the current safeguards for limiting such risks.
  • Developing security policies for employees that take into account whether and how employees should be allowed to keep, access, and transport records containing personal information off of Nielsen’s premises.
  • Preventing terminated employees from accessing records containing personal information by immediately terminating their physical and electronic access to such records.
  • Establishing reasonable restrictions on physical access to records containing personal information.
  • Performing regular monitoring to ensure that the comprehensive information security program is operating as intended.
  • Reviewing the scope of the security measures at least annually or whenever there is a material change in business practices.


Bill was the editor emeritus of Security Magazine, and he can be reached at (773) 929-6859.
