Survey Finds Organizations Face Challenges in Readying for New Massachusetts Data...

Survey Finds Organizations Face Challenges in Readying for New Massachusetts
Data Security Regulations



Goodwin Procter Experts Discuss Data Privacy and Security Best Practices at
IAPP Privacy Academy

BOSTON, Sept. 15 /PRNewswire-USNewswire/ -- According to a new survey
conducted by Goodwin Procter LLP and the International Association of Privacy
Professionals (IAPP), companies face three significant challenges - cost, time
and number of vendors involved - in complying with new data security rules
issued by the Commonwealth of Massachusetts earlier this year. 

The Commonwealth of Massachusetts has issued rules, which take effect on March
1, 2010, that impose significant data security requirements on entities
possessing personal information of state residents, including entities based
outside Massachusetts. The intent of the rules is to protect sensitive data
and safeguard the public's privacy.

The survey revealed that 60 percent of information privacy professionals say
they expect their organizations' compliance efforts in support of the data
security regulations to be complete when the new rules go into effect, and
another 29 percent of information privacy professionals say compliance efforts
will "probably" be complete by the deadline. One potential reason for the
uncertainty is that 60 percent of respondents indicate their organizations
have more than 10 vendors with access to personal information, and 30 percent
say they have over 100 vendors with access to personal information - which
complicates the compliance process.

Complying with the new regulations is also proving to be a costly effort for
many organizations - with 33 percent of respondents saying their firms have
already spent more than $50,000 on complying with the upcoming rules. Another
12 percent of those surveyed say their organizations have spent between
$10,000 and $50,000 and 44 percent have spent more than 100 hours in
compliance activities.

IAPP and Goodwin Procter will share the findings of the survey with attendees
of the IAPP Privacy Academy, which takes place in Boston from September 16 to
18. This survey was conducted online in August 2009 among IAPP members with
more than 200 respondents participating. 

Goodwin Procter Experts at Privacy Academy

Goodwin Procter will have a number of data privacy and security experts
speaking at the IAPP Privacy Academy. Their sessions are:

The New Massachusetts Privacy Law: What Does It Mean for You? This workshop
will help attendees learn how to comply with the upcoming regulations. It will
be moderated by Agnes Bundy Scanlan and will include Lynne Barr. The session
features a keynote presentation by Martha Coakley, Massachusetts Attorney
General. It takes place on September 16 from 8:00 a.m. to 12:00 noon.

Suggestions From the States: Designing a Workable Breach Notice Requirement.
This session will review the various data security standards set by U.S. state
governments. It will draw on those experiences to offer policy recommendations
for Europe and Canada as well as for crafting new, revised data breach notice
requirement laws in the United States. The session panel includes James
Shreve. It takes place on September 17 from 11:00 a.m. to 12:00 noon.

Massachusetts Data Security Regulations: Perspectives From Regulators,
Enforcers, Practitioners and Industry. This session will discuss Massachusetts
regulations, and examine the common business circumstances that may call for
encryption of information, best practices for compliance and avoidance of
liability, state enforcement efforts, and how to limit and remediate the
damages of identity theft. The session panel includes David Goldstone. It
takes place on September 17 from 1:00 p.m. to 2:00 p.m.

Also during the course of the conference, the Goodwin Procter IAPP Privacy
Vanguard Award will be awarded to the privacy professional who has best
demonstrated outstanding leadership, knowledge and creativity in privacy and
data protection, whether through spearheading projects or programs that
positively impact the privacy profession or through achievements over the
course of an entire tenure or career.  The IAPP Board of Directors' Executive
Committee selects the recipient from a distinguished list of nominees.

About Goodwin Procter
Goodwin Procter LLP is one of the nation's leading law firms with offices in
Boston, Hong Kong, London, Los Angeles, New York, San Diego, San Francisco,
Silicon Valley, and Washington, D.C. The firm's core areas of practice are
corporate, litigation and real estate, with specialized areas of focus that
include financial services, private equity, technology, REITs and real estate
capital markets, intellectual property, tax and products liability.
Information may be found at www.goodwinprocter.com.

About the IAPP
The International Association of Privacy Professionals is the world's largest
association of privacy professionals with more than 6,000 members across 50
countries.  The IAPP helps to define and support the privacy profession
through networking, education and certification.  More information about the
IAPP is available at www.privacyassociation.org. 


SOURCE  Goodwin Procter LLP

Jill Reilly of Goodwin Procter LLP, +1-617-570-8783,
jreilly@goodwinprocter.com