Amendment #6 to S2619

Data Privacy in Public Procurement

Mr. LeBoeuf of Worcester moves to amend the bill by inserting after section 4 the following section:

"SECTION 5. (a) A state agency shall require, as a condition of entering into, renewing or amending a contract under which a vendor, or a subcontractor of the vendor, collects, processes, stores or accesses the personal data of a resident of the Commonwealth, that the vendor and any subcontractor agree in writing to:

(1) not sell or voluntarily disclose such personal data to the federal government;

(2) disclose such personal data to the federal government only as compelled by a warrant, court order or subpoena, and only to the extent required;

(3) unless prohibited by law, notify the state agency before making any such disclosure; and

(4) require each subcontractor to agree in writing to the same terms.

(b) Before entering into such a contract, the state agency shall review the vendor's terms of use and privacy policy to confirm that they do not conflict with subsection (a).

(c) A vendor's violation of subsection (a) shall constitute a material breach of the contract.

(d) A contract in effect on the effective date of this section shall comply with this section at its next renewal or amendment, or not later than 2 years after the effective date, whichever occurs first.

(e) Nothing in this section shall require a vendor to violate a warrant, court order or subpoena;”.