March 1, 2012 marks a critical compliance date for businesses covered by the Massachusetts data security regulations, which includes virtually all Massachusetts employers. Regulations implementing Massachusetts law defining standards to be met by businesses with access to “personal information” of any Massachusetts resident went into effect in 2010. The regulations contain a two-year grace period for certain contracts entered into prior to March 1, 2010. With the expiration of the grace period, new rules are now in effect for all “service provider” contracts.
The attached GT Alert — Massachusetts Personal Information Data Security Regulations: Are You in Compliance With the March 1 Deadline?— discusses these requirements.