Sticking to your guns
[Apr 14, 2010]
Just read an article titled “How I Did It” from the founder of Five Guys Burgers and Fries.
My Take: He really lets his instinct lead, and doesn’t take pressure from anyone (other than his sons).
Rather than write more, I’d rather you read the quick article: Link.
P.S. They make really great burgers and fries. I had them years ago in D.C. Now they are all over the place, including Columbus, OH.
Go on a Meeting Diet
[Mar 24, 2010]
Meetings are like PowerPoint. They have their place, but in today’s business world they seem to be:
- Over-used
- Poorly arranged
- Either too vague or too stuffed with detail.
Think: Do recent meetings you have attended have one of the above-mentioned issues?
Minus the above… one of the biggest issues with meetings and why you should consider going on a “Meeting Diet” is that they kill productivity.
A 1-hour meeting with 8 people is really an 8-hour meeting.
Re-read that sentence.
It’s one hour for you… but also one hour for Sally, Bob, ______ (Fill in Blank), and so on.
8 hours of time spent working… is now being committed to a meeting.
Another Analogy: A pint of Guinness has 210 calories. A bit high but not bad. If, however, I visit a pub and have 6 pints in one evening… there’s a big difference (equal to 1260 calories, and more than likely you’re feeling it).
Think: How many meetings did you have last week? How many people on average were in those meetings?
Let me know if you like these “food for thought” articles and want to see more. Enjoy your day.
- Chad Weinman
New Privacy Law may impact you!
[Mar 03, 2010]
A quick summary of the new sweeping privacy law in Massachusetts which had a compliance deadline of March 1st, 2010. Enacted in September 2008 to protect the personal information of Massachusetts residents, it applies to many companies which conduct business with residents of Massachusetts or have employees that reside in Massachusetts.
So now that I have your attention… here are some high-level notes to see if this may impact you:
Requirements
The Massachusetts law covers both “data at rest” and “data in transit” over a public network, such as the Internet, that contain personal information. This data must be encrypted.
Personal information is defined as a Massachusetts resident’s name in combination with one of the following:
- Social Security number
- Driver’s license number or state-issued identification card number
- Financial account number or credit/debit card number
This new legislation affects all organizations who own or license personal information of Massachusetts residents — regardless of the size or location of the business.
This also includes:
- Businesses that track customers by account numbers (such as healthcare institutions and related vendors)
- Retailers that accept credit cards for purchases by Massachusetts customers
- Financial institutions (such as banks, insurers, or brokerages) with customers residing in Massachusetts
- Companies with branch offices located in Massachusetts
Failure to Comply
Are there consequences for non-compliance? Absolutely!
You can assume the new Massachusetts Privacy Law will increase a company’s exposure to lawsuits. The ramifications of not complying become quite real should an information breach occur. In such a case where non-compliance is found, the Massachusetts Attorney General can file suit against the company.
In addition, civil penalties could be imposed for non-compliance with Massachusetts’ data breach notification statute (Massachusetts General Law 93H). A civil penalty of $5,000 may be awarded for each violation of 93H. Furthermore, under the portion of 93H concerning data disposal, businesses can be subject to a fine of up to $50,000 for each instance of improper disposal.
Always remember also that there are other consequences which are not easy to calculate, such as the impact to a company’s brand or reputation.
Get Prepared
There are some reasonableness standards in the requirements that should make this easier to comply with if your company isn’t already compliant. You still need a policy, need to inventory your stores of “personal information”, and need to educate your employees about the importance of safeguarding personal information, to name a few examples.
How can I help?
I would be happy to discuss this more; please don’t hesitate to reach out. At a bare minimum, I recommend you do some form of a risk assessment to see if your company is or should be compliant. This may only be a law for Massachusetts customers currently, but legislation is currently swimming in Congress to bring a national law similar to this into effect (if it comes to be passed).
Resources
The Office of Consumer Affairs and Regulation has published a useful 201 CMR 17.00 Compliance Checklist (.pdf).
You can also review the law itself contained in 201 CMR 17.00 Standards for the Protection of Personal Information (.pdf).





