Why You Need a WISP

A WISP is your company’s internal policy for safeguarding personal information, as required by 201 Code Mass. Regs. 17.00.

If your company has personal information of a resident of Massachusetts, including that of your own employees, you are required to have a WISP. Even if that data is stored with a service provider - for example a company that processes your credit card transactions or handles your company’s payroll, you are required to have a WISP.

If there is ever a breach of personal information at your company, new regulations require reporting whether you have a WISP to the Office of Consumer Affairs and Business Regulation and the Attorney General's Office.

A person's full name, or first initial and last name, in combination with either a social security number, drivers license or state issued ID number, credit card number, or financial account number.

Additionally, you’ll need to provide training for employees, designate an employee as a “Data Coordinator” responsible for maintaining the WISP, oversee 3rd part service providers, and notify the government and affected residents in the event of a data breach.

The policy outlines administrative, technical, and physical safeguards put in place to protect personal information. These safeguards range from simple protective measures like making sure physical records are kept in locked filing cabinets, to more complex technical ones, like making sure devices containing PI are encrypted and network equipment is secure and up to date.

We’ll guide you through all the steps of creating your policy and making sure you understand everything in it. As an IT company with many years experience serving businesses, we can also guide you though any necessary changes you’ll need to make to your computers or network to make them secure.