Massachusetts Data Protection Law: Third-Party Provision Effective March 1

more+
less-

Effective March 1, 2012, any company, wherever located, that is holding the “personal information” of Massachusetts residents must amend its existing vendor contracts to require compliance with Massachusetts data security regulations. 201 CMR 17.03 (f)(2).

http://www.mass.gov/ocabr/docs/idtheft/201cmr1700reg.pdf

http://www.computerworld.com/s/article/9223709/Final_phase_of_Mass._data_protection_law_kicks_in_March_1

http://www.computerworld.com/s/article/9155978/Deadline_looms_for_Mass._data_protection_law

This requirement for contracts with third-party vendors applies to the personal information of all Massachusetts residents, including customers, employees and others. The data security rules require businesses to encrypt sensitive personal information on Massachusetts residents that is stored on portable devices such as PDAs and laptops or on storage media such as memory sticks and DVDs. Any personal information that is transmitted over a public or wireless network must also be encrypted.

Please see full article below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Published In: Administrative Agency Updates, General Business Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Davis Wright Tremaine LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »