Entities covered by the Massachusetts Data Security Law (including employers outside of Massachusetts) must ensure that all third-party service provider contracts are fully compliant with the law by March 1, 2012, when a two-year grace period for pre-existing third-party service provider contracts will expire. Thus, by March 1, all such contracts must include a provision requiring the service provider to satisfy the requirements of the law, regardless of the contract’s execution date. Read more.
