SlideShare uma empresa Scribd logo

InmanTechnologyIT Mass Senate Testimony

Transferir como DOC, PDF
Sarah Cortes
Sarah Cortes

Testimony by Sarah Cortes on Data Privacy Laws and Security before the Massachusetts Legislature

Tecnologia
1 de 5
INMAN TECHNOLOGYIT ______________________________________________________ WWW.INMANTECHNOLOGYIT.COM Testimony of InmanTechnologyIT of Massachusetts Sarah Cortes, PMP, CISA, President Before Chairman Michael W. Morrissey, Chairman Theodore C. Speliotis and Members of the Joint Committee on Consumer Protection and Professional Licensure in Support of S. 173, and Act Ensuring the Privacy of Certain Data My name is Sarah Cortes and I am a technology professional in Massachusetts. Among other services, I follow and advise clients regarding the development of rules for the protection of personal information for residents of the Commonwealth, as well as laws and regulations with federal and other state jurisdictions and internationally. I also write extensively about security, privacy, surveillance, and technology. I wish to express my appreciation to the Administration for extending the general effective date of May 1, 2009 to January 1, 2010. As a security professional, I support S. 173, which would improve upon M.G.L. 93H. However, I remain concerned about wide-ranging rules which present significant enforcement challenges and could lead to widespread noncompliance, rendering a setback for overall compliance efforts. I urge the Administration to review rules and regulations in comparison with federal and other states laws, policies and regulations, and to revise them to ensure consistency and enforceability. I support S. 173 because it: • Remains consistent with Federal law and regulations. • Avoids technology-specific requirements that will quickly render it obsolete • Facilitates for organizations the enforcement of their data security policies on employees who willfully violate data protection rules, regulations and policies. SARAH CORTES, PMP, CISA MAY 12, 2009
INMAN TECHNOLOGYIT ______________________________________________________ WWW.INMANTECHNOLOGYIT.COM Protecting personal information is a necessary activity and in the interest of the public, including consumers, businesses, and other organizations. The development of a reasonable public policy is vital for our economy. As a data security practitioner, I see my clients continually struggle with the complex nature of technology and operational implications. These clients include: • Fortune 500 financial services, biotech and technology firms headquartered in Massachusetts, who operate in all 50 states as well as internationally • Colleges and universities located in Massachusetts but with associated overseas institutions • Small web design and social media service delivery firms operating in multiple states • Medium-sized training and certification delivery businesses based in Massachusetts but operating in multiple states • Medium-sized non-profit organizations operating in multiple states • Small non-profit organizations operating only in Massachusetts but with donors residing in many states The jurisdiction and scope of the Massachusetts law, “persons who own, license, store or maintain personal information about a resident of the Commonwealth of Massachusetts,” presents issues as well. From a technical standpoint, the difficulty of continually sifting large databases that change minute-by-minute, lead to many possibilities, including: SARAH CORTES, PMP, CISA MAY 12, 2009
INMAN TECHNOLOGYIT ______________________________________________________ WWW.INMANTECHNOLOGYIT.COM • A database that contained no in-scope data and was not subject to regulations could add a Massachusetts data record and fall in scope within minutes. Detecting the presence of Massachusetts residents in databases from minute-to-minute presents technical challenges and expenditure of resources • Due to failover and disaster recovery technology as well as cloud computing, third party firms engaged in a primary business of storing data for third party clients or providing computing services for such clients could find in-scope data of Massachusetts residents on their servers or storage devices due to a failover or split- second transfer of data. These firms not subject prior to data privacy laws could suddenly find themselves subject in this fashion Due to these and many other scenarios, I can testify that the Massachusetts data privacy laws and regulations, as written, essentially could extend far beyond Massachusetts to include many organizations who do little or no business with Massachusetts residents. This is because firms will need to invest time and resources to develop the ability to ensure to themselves and outside auditors and examining bodies that, from minute to minute, they remain exempt. I advise clients in a number of technology areas, including: • Complex Application Development/Implementation, like large projects with over 100 technical staff implementing, for example, trading systems • IT Security/Privacy/ Risk/Audit management, performing risk assessments and managing large security implementation projects SARAH CORTES, PMP, CISA MAY 12, 2009
INMAN TECHNOLOGYIT ______________________________________________________ WWW.INMANTECHNOLOGYIT.COM • Data Center Operations Management, including vulnerability scanning but also day-to-day operations • Disaster Recovery/High Availability, reviewing infrastructure and network architecture and advising on restructuring for resilience; and • Technology Program/Project Management. In educating and advising my clients about Massachusetts Data Privacy laws, about which there continues to be widespread lack of awareness and understanding, I find a general view emerging. This view holds that the regulations are so far-reaching, yet vague, that they are unenforceable and organizations need not fear enforcement. I do not endorse this view, and have written many papers and articles urging and explaining compliance, including an article that appears today on a national media outlet, TechTarget, www.ITKnowledgeExchange.TechTarget.com/IT-Compliance/ understanding-the-risk-of- penalties-for-violating-data-privacy-laws/, that warns against a dismissive view, and references numerous successful enforcement actions of state and federal data privacy laws. Nevertheless, the fact remains today that enforcement of the many state and federal privacy laws remains costly and difficult at best, with limited success. In closing, Massachusetts will ultimately best protect its residents by analyzing similar state and federal laws, ensuring consistency where possible, and “going beyond, where no man has dared to go,” only as a conscious step with a clear enforcement plan. SARAH CORTES, PMP, CISA MAY 12, 2009
INMAN TECHNOLOGYIT ______________________________________________________ WWW.INMANTECHNOLOGYIT.COM Thank you for your time. I wish to state that on behalf of data security professionals in this state, we stand ready to assist in adopting rules that are effective in achieving the Legislature’s goals. Thank you for the opportunity to provide comments and I would be happy to provide additional information. SARAH CORTES, PMP, CISA PRESIDENT 617-784-6113 31 INMAN STREET CAMBRIDGE, MA 02139 . __________________________________________________________________________________________ SARAH_CORTES@INMANTECHNOLOGYIT.COM LINKEDIN: WWW.LINKEDIN.COM/IN/SARAHCORTES TWITTER: HTTP://TWITTER.COM/SECURITYSOURCES SARAH’S SECURITYWATCH BLOG SARAH’S TECHTARGET BLOG COMPLEX APPLICATION DEVELOPMENT/IMPLEMENTATION IT SECURITY/PRIVACY/ RISK/AUDIT MANAGEMENT DATA CENTER OPERATIONS MANAGEMENT DISASTER RECOVERY/HIGH AVAILABILITY PROGRAM/PROJECT MANAGEMENT SARAH CORTES, PMP, CISA MAY 12, 2009

Recomendados

Opensource Presentation
Opensource PresentationOpensource Presentation
Opensource Presentation
Sarah Cortes
 
COBIT and IT Policy Presentation
COBIT and IT Policy PresentationCOBIT and IT Policy Presentation
COBIT and IT Policy Presentation
Sarah Cortes
 
State Laws On Smart Grid And Electricity Delivery
State Laws On Smart Grid And Electricity DeliveryState Laws On Smart Grid And Electricity Delivery
State Laws On Smart Grid And Electricity Delivery
Sarah Cortes
 
Sarah Cortes MA data breach law Testimony Sept 22 2009
Sarah Cortes MA data breach law Testimony Sept 22 2009Sarah Cortes MA data breach law Testimony Sept 22 2009
Sarah Cortes MA data breach law Testimony Sept 22 2009
Sarah Cortes
 
Social Media
Social MediaSocial Media
Social Media
Sarah Cortes
 
PMP Class And Exam Prep
PMP Class And Exam PrepPMP Class And Exam Prep
PMP Class And Exam Prep
Sarah Cortes
 
Usability And Project Management
Usability And Project ManagementUsability And Project Management
Usability And Project Management
Sarah Cortes
 
Privacy And Surveillance
Privacy And SurveillancePrivacy And Surveillance
Privacy And Surveillance
Sarah Cortes
 

Recomendados

Opensource Presentation
Opensource PresentationOpensource Presentation
Opensource Presentation
Sarah Cortes
 
COBIT and IT Policy Presentation
COBIT and IT Policy PresentationCOBIT and IT Policy Presentation
COBIT and IT Policy Presentation
Sarah Cortes
 
State Laws On Smart Grid And Electricity Delivery
State Laws On Smart Grid And Electricity DeliveryState Laws On Smart Grid And Electricity Delivery
State Laws On Smart Grid And Electricity Delivery
Sarah Cortes
 
Sarah Cortes MA data breach law Testimony Sept 22 2009
Sarah Cortes MA data breach law Testimony Sept 22 2009Sarah Cortes MA data breach law Testimony Sept 22 2009
Sarah Cortes MA data breach law Testimony Sept 22 2009
Sarah Cortes
 
Social Media
Social MediaSocial Media
Social Media
Sarah Cortes
 
PMP Class And Exam Prep
PMP Class And Exam PrepPMP Class And Exam Prep
PMP Class And Exam Prep
Sarah Cortes
 
Usability And Project Management
Usability And Project ManagementUsability And Project Management
Usability And Project Management
Sarah Cortes
 
Privacy And Surveillance
Privacy And SurveillancePrivacy And Surveillance
Privacy And Surveillance
Sarah Cortes
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
wesley chun
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
jfdjdjcjdnsjd
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
ThousandEyes
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
RTylerCroy
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
The Digital Insurer
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
Rafal Los
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
naman860154
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
Antenna Manufacturer Coco
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
apidays
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
Remote DBA Services
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
hans926745
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
Marius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
Expeed Software
 

Mais conteúdo relacionado

Último

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 

Último (20)

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 

Destaque

How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
SpeakerHub
 

Destaque (20)

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 

InmanTechnologyIT Mass Senate Testimony

  • 1. INMAN TECHNOLOGYIT ______________________________________________________ WWW.INMANTECHNOLOGYIT.COM Testimony of InmanTechnologyIT of Massachusetts Sarah Cortes, PMP, CISA, President Before Chairman Michael W. Morrissey, Chairman Theodore C. Speliotis and Members of the Joint Committee on Consumer Protection and Professional Licensure in Support of S. 173, and Act Ensuring the Privacy of Certain Data My name is Sarah Cortes and I am a technology professional in Massachusetts. Among other services, I follow and advise clients regarding the development of rules for the protection of personal information for residents of the Commonwealth, as well as laws and regulations with federal and other state jurisdictions and internationally. I also write extensively about security, privacy, surveillance, and technology. I wish to express my appreciation to the Administration for extending the general effective date of May 1, 2009 to January 1, 2010. As a security professional, I support S. 173, which would improve upon M.G.L. 93H. However, I remain concerned about wide-ranging rules which present significant enforcement challenges and could lead to widespread noncompliance, rendering a setback for overall compliance efforts. I urge the Administration to review rules and regulations in comparison with federal and other states laws, policies and regulations, and to revise them to ensure consistency and enforceability. I support S. 173 because it: • Remains consistent with Federal law and regulations. • Avoids technology-specific requirements that will quickly render it obsolete • Facilitates for organizations the enforcement of their data security policies on employees who willfully violate data protection rules, regulations and policies. SARAH CORTES, PMP, CISA MAY 12, 2009
  • 2. INMAN TECHNOLOGYIT ______________________________________________________ WWW.INMANTECHNOLOGYIT.COM Protecting personal information is a necessary activity and in the interest of the public, including consumers, businesses, and other organizations. The development of a reasonable public policy is vital for our economy. As a data security practitioner, I see my clients continually struggle with the complex nature of technology and operational implications. These clients include: • Fortune 500 financial services, biotech and technology firms headquartered in Massachusetts, who operate in all 50 states as well as internationally • Colleges and universities located in Massachusetts but with associated overseas institutions • Small web design and social media service delivery firms operating in multiple states • Medium-sized training and certification delivery businesses based in Massachusetts but operating in multiple states • Medium-sized non-profit organizations operating in multiple states • Small non-profit organizations operating only in Massachusetts but with donors residing in many states The jurisdiction and scope of the Massachusetts law, “persons who own, license, store or maintain personal information about a resident of the Commonwealth of Massachusetts,” presents issues as well. From a technical standpoint, the difficulty of continually sifting large databases that change minute-by-minute, lead to many possibilities, including: SARAH CORTES, PMP, CISA MAY 12, 2009
  • 3. INMAN TECHNOLOGYIT ______________________________________________________ WWW.INMANTECHNOLOGYIT.COM • A database that contained no in-scope data and was not subject to regulations could add a Massachusetts data record and fall in scope within minutes. Detecting the presence of Massachusetts residents in databases from minute-to-minute presents technical challenges and expenditure of resources • Due to failover and disaster recovery technology as well as cloud computing, third party firms engaged in a primary business of storing data for third party clients or providing computing services for such clients could find in-scope data of Massachusetts residents on their servers or storage devices due to a failover or split- second transfer of data. These firms not subject prior to data privacy laws could suddenly find themselves subject in this fashion Due to these and many other scenarios, I can testify that the Massachusetts data privacy laws and regulations, as written, essentially could extend far beyond Massachusetts to include many organizations who do little or no business with Massachusetts residents. This is because firms will need to invest time and resources to develop the ability to ensure to themselves and outside auditors and examining bodies that, from minute to minute, they remain exempt. I advise clients in a number of technology areas, including: • Complex Application Development/Implementation, like large projects with over 100 technical staff implementing, for example, trading systems • IT Security/Privacy/ Risk/Audit management, performing risk assessments and managing large security implementation projects SARAH CORTES, PMP, CISA MAY 12, 2009
  • 4. INMAN TECHNOLOGYIT ______________________________________________________ WWW.INMANTECHNOLOGYIT.COM • Data Center Operations Management, including vulnerability scanning but also day-to-day operations • Disaster Recovery/High Availability, reviewing infrastructure and network architecture and advising on restructuring for resilience; and • Technology Program/Project Management. In educating and advising my clients about Massachusetts Data Privacy laws, about which there continues to be widespread lack of awareness and understanding, I find a general view emerging. This view holds that the regulations are so far-reaching, yet vague, that they are unenforceable and organizations need not fear enforcement. I do not endorse this view, and have written many papers and articles urging and explaining compliance, including an article that appears today on a national media outlet, TechTarget, www.ITKnowledgeExchange.TechTarget.com/IT-Compliance/ understanding-the-risk-of- penalties-for-violating-data-privacy-laws/, that warns against a dismissive view, and references numerous successful enforcement actions of state and federal data privacy laws. Nevertheless, the fact remains today that enforcement of the many state and federal privacy laws remains costly and difficult at best, with limited success. In closing, Massachusetts will ultimately best protect its residents by analyzing similar state and federal laws, ensuring consistency where possible, and “going beyond, where no man has dared to go,” only as a conscious step with a clear enforcement plan. SARAH CORTES, PMP, CISA MAY 12, 2009
  • 5. INMAN TECHNOLOGYIT ______________________________________________________ WWW.INMANTECHNOLOGYIT.COM Thank you for your time. I wish to state that on behalf of data security professionals in this state, we stand ready to assist in adopting rules that are effective in achieving the Legislature’s goals. Thank you for the opportunity to provide comments and I would be happy to provide additional information. SARAH CORTES, PMP, CISA PRESIDENT 617-784-6113 31 INMAN STREET CAMBRIDGE, MA 02139 . __________________________________________________________________________________________ SARAH_CORTES@INMANTECHNOLOGYIT.COM LINKEDIN: WWW.LINKEDIN.COM/IN/SARAHCORTES TWITTER: HTTP://TWITTER.COM/SECURITYSOURCES SARAH’S SECURITYWATCH BLOG SARAH’S TECHTARGET BLOG COMPLEX APPLICATION DEVELOPMENT/IMPLEMENTATION IT SECURITY/PRIVACY/ RISK/AUDIT MANAGEMENT DATA CENTER OPERATIONS MANAGEMENT DISASTER RECOVERY/HIGH AVAILABILITY PROGRAM/PROJECT MANAGEMENT SARAH CORTES, PMP, CISA MAY 12, 2009