Massachusetts Data Security Law and Regulations-Service Provider Grandfather Provision expires March 1, 2012
January 31, 2012
As we previously noted in our Foley Adviser dated February 3, 2010, “New Massachusetts Data Security Law and Regulations-Comprehensive Information Security Plan required before March 1, 2010”, under the regulations, an investment adviser must require third-party service providers by contract to implement and maintain appropriate security measures for personal information. There currently is a grandfather provision that deems any contract with a service provider entered into before March 1, 2010 to be in compliance even if it makes no reference to data protection.
The grandfather provision expires on March 1, 2012, so any contract regardless of when signed must be brought into compliance by March 1, 2012. You should take steps to ensure that your third party service provider contracts are now in compliance.