New Data Protection Rules May Apply to VoIP

VoIP providers and other electronic commerce providers continue to face more regulation on the protection of sensitive customer data. The Massachusetts Office of Consumer Affairs and Business Regulation, for example, recently passed far-reaching rules that require any business that “receives, maintains, processes, or otherwise has access to ‘personal information’” about a Massachusetts resident to undertake steps to protect that data from security breaches.

Covered businesses must establish a comprehensive written information security program with “up-to-date” firewall protection and identify and assess reasonably foreseeable internal and external risks to all systems that hold personal information on Massachusetts residents. They must also ensure that the safeguards of any information security program are “consistent with” similar safeguards imposed by any applicable state or federal law. The rules also require covered companies to encrypt all wirelessly transmitted data and documents containing personal information sent over the Internet or saved on laptops, flash drives or other portable devices, and to take “reasonable steps” to select and retain third-party vendors that have the capacity to maintain appropriate security measures for personal information, and contractually require such vendors to maintain such safeguards.

The deadline for compliance with the OCABR rules was March 1, 2010. Given their wide reach, VoIP providers that have customers in Massachusetts may be covered by the rules, and should therefore take steps to ensure that they are in compliance with OCABR’s new requirements. Covered VoIP providers should also ensure that their policies comply with the new requirements, and that their vendors and service providers also meet the requirements to the extent they hold covered data. As more states enter the cybersecurity arena, VoIP providers will increasingly face challenges to keep up with varying state cybersecurity requirements. IT

William B. Wilhelm (News - Alert) is a partner and Jeffrey R. Strenkowski is counsel at the global law firm of Bingham McCutchen LLP (www.bingham.com).

» Internet Telephony Magazine Table of Contents