An important piece of the new Massachusetts privacy regulations that companies must prepare for is the requirement that all customer and employee personal data on portable storage media needs to be encrypted and protected. Unfortunately, many companies make the assumption that all sensitive data resides predominantly on servers or other non-portable devices. Jordan Lawrence has performed hundreds of risk assessments, and has found that senior management is always shocked at the amount of personally identifiable information (PII) stored on portable storage devices and pda’s that leave the building each evening, unencrypted.

The risks posed by portable storage devices is a common one that most companies do not realize they are exposed to, but it is a risk that will carry much greater consequences after March 1 when the Massachusetts regulations take affect. Having a thorough understanding of all locations where data is stored in your company isn’t merely a luxury for companies- it is now a compliance necessity. Will your company be compliant on March 1?