Bloomberg recently published Data Security Practices: State Laws, a report that was prepared in cooperation with Melissa Krasnow, partner with VLP Law Group LLP. The report is available for download and goes through a state-by-state analysis of the different requirements. We have heard a lot about state laws that require private companies to implement data security practices when handling personal information but did you know that eleven states now require companies to incorporate data security provisions in vendor contracts?
The report itself is almost 50 pages but it organizes the content into a state-by-state summary of the 11 that require specific inclusion of data security provisions in vendor contracts, a chart displaying laws in each state, and details on whether a given law applies to all business or only those in a specific sector. This report goes through the 11 states that require provisions in vendor contracts: Alabama, California, Colorado, Illinois, Maryland, Massachusetts, Nebraska, Nevada, New Mexico, Oregon, and Rhode Island. It summarizes the contract requirements as well as the types of information covered. The state-by-state chart detailing the laws in each states also shows the states that have no state laws regarding data security provisions or vendor specific provisions: Alaska, Hawaii, Iowa, Maine, Michigan, Missouri, Mississippi, North Dakota, South Carolina, South Dakota, Tennessee, Vermont, Wisconsin, and Wyoming.
This highlights just how important it is to not just manage your security but to manage your contracts as well. Let us help you manage your contracts and compliance with State Law.
Written by Emily McNeeley, CIPP/US, Attorney, Intuitive Edge Team