Upcoming Compliance Deadline for Massachusetts Service Provider Contracts
This blog entry was contributed by Kate Abramson, an associate in the Privacy and Information Management group in Hogan Lovells' Washington, DC office.
Massachusetts information security regulations (“Standards for the Protection of Personal Information of Residents of the Commonwealth”) took effect on March 1, 2010. In approximately five weeks, covered companies face a compliance deadline relating to their third-party service provider contracts.
To reduce the risk of data breaches involving third-party service providers, the regulations require companies to take reasonable measures to select vendors capable of “maintaining appropriate security measures to protect such personal information consistent with [the] regulations and any applicable federal regulations.” Furthermore, the regulations mandate that companies contractually require their service providers to safeguard personal information in accordance with the Massachusetts regulations and applicable federal requirements.
The contract provision includes a grandfather clause, providing that all contracts entered into before March 1, 2010 are exempt from complying with this requirement until March 1, 2012.
Accordingly, companies that own or license personal information of Massachusetts residents must ensure they have specifically contracted with their service providers to implement and maintain such security measures before the pending deadline.
While the regulations only affect companies possessing personal information of Massachusetts residents, companies outside the scope of these regulations should nonetheless consider amending their contracts in conformity with the Massachusetts regulations to ensure that service providers are aware of their obligations to safeguard personal information.