Written Information Security Program
(WISP)
Embedded Files
Borinquén Premier Vending’s Written Information Security Program (WISP)
Borinquén Premier Vending’s Written Information Security Program (WISP)
Purpose:
This WISP (Written Information Security Program) outlines our policies and practices to comply with Massachusetts Data Privacy Law (201 CMR 17.00) for handling personal information.
1. Designation of Responsible Personnel
1. Designation of Responsible Personnel
The security officer for data protection at Borinquén Premier Vending LLC is Migdeliz Girard.
2. Risk Assessment
2. Risk Assessment
We assess risks related to:
✅ Unauthorized access to personal data
✅ Data breaches or leaks
✅ Physical security of data storage
3. Safeguards for Data Protection
3. Safeguards for Data Protection
📌 Administrative Safeguards:
Employees must follow password policies and security measures.
Access to personal information is granted only to authorized personnel.
📌 Technical Safeguards:
Use of firewalls, encryption, and secure servers for data storage.
Routine software updates and security patches.
📌 Physical Safeguards:
Any printed records with personal data are stored in locked, restricted areas.
Devices storing personal data are secured with password protection.
4. Third-Party Data Sharing
4. Third-Party Data Sharing
We only share data with:
✅ Payment processors for vending revenue distribution
✅ Legal authorities when required by law
✅ Website analytics providers (Google Analytics)
5. Data Breach Response Plan
5. Data Breach Response Plan
In the event of a data breach, we will immediately initiate containment procedures. Affected users will be notified within 72 hours if their data is exposed. If required by law, we will report the breach to the Massachusetts Attorney General within the legally mandated timeframe.
Immediate containment of breach.
Notification to affected users if their data is exposed.
Report to Massachusetts Attorney General if required by law.
6. Employee Training & Policy Updates
6. Employee Training & Policy Updates
All employees handling sensitive data must undergo annual data security training, with additional training provided as needed for new policies or emerging threats.
7. Review & Updates
7. Review & Updates
This WISP is reviewed annually to ensure compliance.
8. Data Retention & Disposal
8. Data Retention & Disposal
We retain personal data only as long as necessary for business operations, legal compliance, and security requirements. Data that is no longer required shall be securely deleted, shredded, or permanently anonymized in accordance with Massachusetts data protection standards.
Page updated
Google Sites
Report abuse