1. My employment at Paul Murphy Insurance is contingent upon my compliance with all regulations in the Written Information Security Plan:

A) True
B) False

2. Documents containing personal information on any Massachusetts residents may be sent to our vendors via fax machine:

A) True
B) False (Until there is technology available that makes fax machines encryptable, employers are prohibited, as of March 1, 2010 when the law 201 CMR 17.00 takes effect, from sending personal information of any Massachusetts resident via fax machine)

3. According to the Written Information Security Plan (WISP) it is recommended that I update my password used for accessing electronic records of personal information once every year:

A) True
B) False (it is recommended that employees update their passwords for accessing electronic records of personal information not every year but every 6 months)

4. Should my employment with Paul Murphy Insurance terminate, my username and password to all secured company sites will be immediately deactivated and I must return all manual records containing personal information to the Data Security Coordinator:

A) True
B) False

5. If I’m working at my desk with a file containing personal information and leave to use the restroom, I don’t need to save and exit out of the file because I’m only going to be away 5 minutes tops.

A) True
B) False (in the time that you’re away from your desk, you’ll never know who can walk by and view the personal information exposed or what they’ll do with it)

1. According to the Massachusetts Law Standards for the Protection of Personal Information of Residents of the Commonwealth (201 CMR 17.00), personal information includes the first and last name of any Massachusetts resident plus:

A) A social security number
B) A driver’s license or state ID number
C) A bank account or credit card number
D) A home address
E) A, B and C
F) All of the above

2. If I need to access personal information on Massachusetts residents to perform my job, I am responsible for checking with the IT department to make sure my computer has up-to-date:

A) Firewall Protection
B) Anti-virus Protection
C) System Security Agent Software
D) all of the above

3. If I find records containing personal information outside of our locked office area, I must:

A) Take the records and bring them back inside the office
B) Ask for the key to the locked file cabinets in which records of their nature are stored and put them away myself
C) Give the records immediately to the Data Security Coordinator who will either place them under lock and key or destroy them immediately (depending on whether or not our company has a business need to maintain these records)
D) Immediately shred them

4. In the event that I witness any suspicious behavior indicative of a data security breach (i.e. lock tampering, unauthorized access to files, etc.) I must:

A) Do nothing about it; the culprit will be caught and fired eventually
B) Call the police
C) Inform our company’s Data Security Coordinator of the behavior that I had just witnessed with a promise of anonymity
D) None of the above

5. When it comes to compliance with the state’s identity theft prevention law, I am responsible for:

A) Reading, understanding and following entirely all of the rules in the WISP as they apply to my job
B) Attending once-yearly training sessions on the law facilitated by the Data Security Coordinator
C) Reporting any suspicious behavior or suspected breaches of personal information on Massachusetts residents to the Data Security Coordinator immediately
D) All of the above