This note is a reminder of the expiration of the grandfather provision under the Massachusetts Data Security Regulations, summarized here, which expires on March 1, 2012.   Any applicable third party service provider contract entered into prior to March 1, 2010 must incorporate the appropriate security measures for personal information as specified in the regulations.  Companies should take steps immediately to ensure that their contracts with third party service providers who maintain, receive, or access personal information of Massachusetts residents conform with the regulation’s requirements.