Header graphic for print
Technology Law Source Mapping the evolving legal landscape

Grandfather Provision of Massachusetts Data Security Requirements Expiring

Posted in Privacy

This note is a reminder of the expiration of the grandfather provision under the Massachusetts Data Security Regulations, summarized here, which expires on March 1, 2012.   Any applicable third party service provider contract entered into prior to March 1, 2010 must incorporate the appropriate security measures for personal information as specified in the regulations.  Companies should take steps immediately to ensure that their contracts with third party service providers who maintain, receive, or access personal information of Massachusetts residents conform with the regulation’s requirements.