March 1, 2012 is the deadline for pre-March 2010 contracts to comply with the third-party service provider contract requirement of the Massachusetts Standards for the Protection of Personal Information of Residents of the Commonwealth (the “Regulations”). As of March 12, 2012, all pre-March 2010 contracts with third-party service providers (with access to personal information) must require such service providers to maintain data security measures that are consistent with the Regulations and any applicable federal regulations. If any such contracts do not include the required provisions they should be amended to add the provisions.
For further information, please see our client alert on this subject. To have any service provider contracts reviewed or revised to ensure compliance with the Regulations, please contact Faith Kasparian, Michael Cavaretta, or Howard Zaharoff.