Protecting Your Personal Information
Hampton Firm Issues New Manual
By Valerie Cellucci
Hampton Union, Tuesday, March 30, 2010
[The following article is courtesy of the Hampton Union and Seacoast Online.]
HAMPTON -- ProTracker Software Inc., with offices at 6 Merrill Industrial Drive, has primarily focused on client relationship management systems for financial advisors since it was founded in 1995, by its president, Warren J. Mackensen.
Mackensen graduated from the U.S. Naval Academy and served in the nuclear submarine force during the Cold War. He founded a solar energy contracting company that he operated for eight years, as well as Mackensen and Company in Hampton in 1991 before opening ProTracker.
In response to a rise in the number of security breaches in companies throughout the world, Mackensen began creating a detailed step-by-step Information Security Program (ISP) manual to increase security confidentiality of personal information last summer.
Mackensen's work with the nuclear submarine force gave him extensive knowledge in understanding the inner workings of manuals.
"When we went to sea all we had was manuals, there was no tech support," he said.
Mackensen said that it is critical that professionals who work with client's personal information follow the steps outlined in ProTracker's ISP Manual to ensure they protect themselves and their clients.
The ISP manual was completed in October, and is based on stringent Massachusetts regulations. That state has the most stringent security regulations in nation, and Mackensen believes they will be the basis upon which federal standards will be developed.
The Massachusetts law states that any person or company anywhere that owns or licenses personal information about one or more residents of the state must implement the regulations.
"The Mass. law is the most prescriptive of the laws in the sense that it exactly prescribes what you need to do," said Mackensen. "Many of the laws (in other states) are reactive or they tell you what to do once you have a breech, which is the New Hampshire law. It doesn't tell you how to prevent security breeches."
All businesses that deal with personal information about a resident of Massachusetts had to have implemented the requirements of the state law by March 1. However, many companies still have not, Mackensen said.
Those companies are required to have a written ISP, plus other safeguards that require a thorough IT environment review. That is what ProTracker is now supplying.
According to the Massachusetts law, "personal information" is defined as a first and last name or a first initial and last name, combined with a Social Security number, financial account number, license number, or state identification.
If professionals do not comply, they may face devastating consequences to their business, including lawsuits, costly fines, loss of clients and a negative reputation, Mackensen said.
"The Massachusetts law is going to become the model for the nation," said Mackensen. "This manual will help businesses get up to speed."
The new manual also helps professionals to stay informed and comply with the most recent rigorous federal and state regulatory changes.
The manual is a "Word" document that businesses use as is, or tailor to their specific needs. It clearly describes the law in a language that employers can easily follow and includes PowerPoint presentations that are ready to watch.
The manuals are sold for $249 each, with updates provided at no cost for one year from your date of purchase. This price is significantly lower than most of ProTracker's competitors, Mackensen said.
He said that ProTracker, in its beginning stages of promoting this product, has sold about 25 manuals nationwide, including its first purchase by a company in Florida.
The ISP Manual was designed for CPAs, lawyers, IT consultants and record destruction vendors, who all handle sensitive client personal information.
Mackensen explained that professionals are unintentionally negligent when it comes to information security, and mistakenly feel secure storing clients' personal information and e-mailing password-protected files.
Hackers can more easily gain access to confidential information, and security breaches become more common, causing major issues, unwanted costs and loss of client loyalty, he said.
The ISP Manual advocates proactive steps companies should take to:
Identify administrative, technical and physical risks associated with personal information security.
Assess the security of servers, networks, laptops, flash drives, portable hard drives and personal digital assistants (PDAs).
Implement e-mail encryption procedures to assure the security of personal information.
Train employees in information security procedures.
Respond to a data loss incident.
Conduct the required annual program review.
Terminate employee access to personal information.
"The days of password-protecting a PDF file containing personal information and sending it as an e-mail attachment are over," said David Hodgdon, president of Portsmouth Computer Group. "The ISP Manual from ProTracker Software covers everything from soup to nuts, which is why we work so closely with Warren J. Mackensen to provide details about the new regulations and the increased security measures recommended for a solid Information Security Program."
For more information or to purchase a copy of the ProTracker ISP Manual, please visit www.protracker.com