[September 11, 2013] “…Data breaches can have a significant impact on an independent school’s relationship with its students, alums, and their families, as well as with faculty, staff, and other employees. Those affected may lose trust in the institution, given its apparent inability to safeguard sensitive, personal information. While the appropriate response to a data breach depends on the facts of the situation and applicable state and federal laws, below is a broad, step-by-step approach to help your school prepare for and respond to a data breach…”
Entities covered by the Massachusetts Data Security Law (including employers outside of Massachusetts) must ensure that all third-party service provider contracts are fully compliant with the law by March 1, 2012, when a two-year grace period for pre-existing third-party service provider contracts will expire. Thus, by March 1, all such contracts must include a provision requiring the service provider to satisfy the requirements of the law, regardless of the contract’s execution date. Read more.