MIT's Written Information Security Program (WISP)
In 2007, a Data Security Breach Notification Law went into effect in Massachusetts requiring covered entities to provide notification in the event of certain data security breaches.
On March 1, 2010, regulations 201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth went into effect that apply to businesses and other entities which collect or process personal information such as Social Security and credit card numbers.
In response, MIT rolled out a campus-wide Written Information Security Program (WISP), which includes administrative, technical, and physical safeguards for this type of data.
MIT asks that all members of the community pay special attention any time PIRN crosses their desks. Review the pages in the Sensitive Data Areas for tips on minimizing and protecting PIRN in your work area.