Third-Party Provision of Mass. Law Effective Soon
PRIVACY LAW—U.S.January 26, 2012
Companies storing the personal data of Massachusetts residents have just over one month to comply with the last provision of the Massachusetts data protection law, CIO reports. The law took effect in 2010 and requires companies storing such data to have certain controls in place, including encrypting data and implementing written data protection policies. The last provision takes effect March 1 and will require all companies storing data on Massachusetts residents to "have specific language in third-party contracts that obligates their vendors to employ reasonable measures for protecting personal information," the report states. One expert suggests companies should also include language allowing for third-party audits.