Tag Archives: massachusetts

Massachusetts Adds New Requirements to Breach Notification Law

Massachusetts Governor Charlie Baker recently signed a new law that amends the state’s data breach notification law.

“The improvements made to Massachusetts laws in this legislation are necessary to protect consumers from the consequences of data breaches that could expose personal information and to give consumers more control over their data and how it is used,” Governor Baker tweeted.

Key New Provisions include: Continue reading Massachusetts Adds New Requirements to Breach Notification Law

Massachusetts to Make Breach Notification Archive Publically Accessable

The Massachusetts Office of Consumer Affairs and Business Regulation announced it will start to make its data breach notification archive publically accessible online. The records are currently only available by way of a public records request.

Consumer Affairs Undersecretary John Chapman commented, “The Data Breach Notification Archive is a public record that the public and media have every right to view. Making it easily accessible by putting it online is not only in keeping with the guidelines suggested in the new Public Records Law, but also with governor Baker’s commitment to greater transparency throughout the Executive Office.”

Data Breach Notification Law

According to the state’s data breach notification law, organizations are required to notify state residents whose personal information is compromised in a data breach. However, organizations are prohibited from including the nature of the breach, or the number of individuals affected, in the notice.

State law also requires organizations to provide notice to the state attorney general. In that notification, organizations must include the nature of the breach along with a copy of the notice sent to affected individuals.

California, Oregon, Maryland, and New Hampshire have similar practices in their state data breach notification laws. Those states post a copy of the attorney general notification letter online.

Key Takeaway

With increased public disclosure of data breaches, organizations will need to prepare for an increase in transparency around data breaches. Smaller incidents that might not otherwise generate much attention will be public information.