RIABiz

News, Vision & Voice for the Advisory Community

Massachusetts Privacy Laws got toned down [some] but they're still a compliance headache

Here are 12 questions asked and answered about the intensive new regulations

Author Brooke Southall May 17, 2010 at 4:27 AM
Wade Spencer: All advisors see the benefit of it but in this recession environment they see this as one more compliance burden they need to implement.


Janice Taylor-Gaines

May 17, 2010 — 7:55 PM

Great article highlighting that everyone needs a much higher computer/data security awareness. Check a book we use at work, “I.T. WARS” (you can Google it). It has a great Security chapter, and others that treat security. Check the author’s FREE blog, “The Business-Technology Weave” (Google to that too) – it’s hosted at IT Knowledge Exchange – a site that gets over a million hits a month and for good reason – it has great Question/Answer forums for everything technical and otherwise – ALL FREE. Highly recommended.

John

May 18, 2010 — 2:41 AM

While it is true that encryption takes a little extra time and energy it is really the same as locking your house when you leave for work. You just need to make sure you have a lock on your door (i.e., your systems support encryption) and then just turn the key every time.

Products like TrueCrypt (stored data) and TrulyMail (transmitted data) both make encryption free and easy. There is really no reason not to use them.

Alessandro Bottonelli

May 30, 2010 — 11:04 AM

Quoting:
> ... it is only a matter of time before other states follow suit.
>
A bit of vision from the other side of the pond. Other states indeed WILL follow suit. Here in the E.U. we have very tight privacy acts. The tighter is the Italian privacy act at the moment.

> ... practice consultants say that Massachusetts isn’t necessarily paranoid.
>
No it isn’t. They just try (as many states here in the E.U.) to pass the idea that computers, information systems, and internetworking aren’t any longer something to play without attention and without best practices. Actually, when compared with some EU states, Massachusetts isn’t that much paranoid… they should improve it ;-)))

I appreciate that in these times, on both sides of the pond businesses are wondering if they can take the burn for new investments in privacy regulations… we shall see.

From a strictly technical point of view, I’m surprised the Mass Privacy Act protects only “the privacy of Mass Residents”. What about “former” Mass Residents (like myself, and I guess thousands of others)? Are we protected by Mass Privacy Act, or businesses and government agencies can do what they want with our data, just because we are away (in and/or out the US)?

I guess I’ll have to ask the governor’s office... :-)

Brooke Southall

May 30, 2010 — 5:38 PM

Hello Alessandro,

Thank you for the more global perspective and especially for the good humor. I hate the idea of sending you to the governor’s office but I suppose I don’t know the answer to your question. I’m thinking you might be covered by Mass Privacy Laws if you had an advisor in Massachusetts but that issue never came up in my chats.

Now I’m curious…are there the equivalent of RIAs and wirehouse brokers in the EU?

Brooke

Alessandro Bottonelli

May 31, 2010 — 7:47 AM

Quoting:
>
> Now I’m curious…are there the equivalent of RIAs and wirehouse brokers in the EU
>
Not that I’m aware of. But since I’m just an information security / compliance specialist, I guess they might exist (maybe in the UK). As far as I understand RIAs and wire house brokers definitions, at least in Italy (and Southern EU in general), the RIA / wire house broker is a model that is too advanced and that will (I hope!) come over time.

I have quite a few banks and traditional investment firms as clients. As far as I understand them, they are trying to hold tight to the traditional model. Moreover the business is strictly regulated.

Back to privacy compliance, things here in the EU are even worse (for businesses that have to comply) and better (for persons protected by the Privacy Acts)... and very good for firms like mine offering compliance services :-).

The big difference is in definitions and in the details of minimum security standards every business has to comply to. Definitions: the right to privacy applies to all persons; both natural persons and legal persons!!! Whether residents and non residents. Minimum Standards are applied to all processes, whether paper or electronic… and guess what: paper data are the big problem :-/ Details: Italy’s Privacy Act is a 188 pages document! With a detailed “Code of Practice” and “Minimum Security Measures”.

Just in case you are curious and have problems to sleep at night :-) here is the official link to Italy’s Privacy Act ( http://www.garanteprivacy.it/garante/document?ID=1219452 ) in English! In English too, because any natural or legal person doing business here has to comply… and legislators don’t want to give anyone a good excuse <grin>. You might be particularly interested in pages 14 to 18, that is General Provisions and Definitions.

The main message here is: do not cry too much over and against Mass Privacy Act. Your legislator is an absolute beginner :-) when it comes to Privacy (I say this with a lot of love and appreciation for a country and a state where I lived my best years). If you cry too much they might want some help from Brussels or even worse from Rome :-)))


Alessandro
