Massachusetts Breach Notifications Will Now Be Publicly Available Online

Will Daugherty
BakerHostetler
Contact
LinkedIn
Facebook
X
Send
Embed

On Jan. 3, 2017, the Massachusetts Office of Consumer Affairs and Business Regulation announced that it will begin making its data breach notification archive publicly available online. Previously, data breach notifications filed with the Massachusetts attorney general were only available through public records requests. The change was made pursuant to the June 2016 amendment to the Public Records Law, which, among other things, authorized individual agencies to post public record information of significant interest that agencies deem appropriate.

“The Data Breach Notification Archive is a public record that the public and media have every right to view,” said Consumer Affairs Undersecretary John Chapman. “Making it easily accessible by putting it online is not only in keeping with the guidelines suggested in the new Public Records Law, but also with Governor Baker’s commitment to greater transparency throughout the Executive Office.”

The Massachusetts data breach notification law, M.G.L.A. 98 H § 3, requires an organization to notify Massachusetts residents whose personal information has been compromised and to notify the Massachusetts attorney general. Unlike any other state breach notification law, however, the Massachusetts data breach notification law prohibits the notice to affected residents from including “the nature of the breach or unauthorized acquisition or use or number of residents of the commonwealth affected by said breach or unauthorized access or use.” In contrast, the notice to the Massachusetts attorney general must include “the nature of the breach of security or unauthorized acquisition or use, the number of residents of the commonwealth affected by such incident at the time of notification, and any steps the person or agency has taken or plans to take relating to the incident.” The Massachusetts attorney general also expects organizations to include a sample of the breach notification letters sent to Massachusetts residents.

California, Maryland, New Hampshire and Oregon are among the few states that currently post online the breach notifications provided to their respective attorney general. Numerous bloggers and media outlets monitor these websites to report on data breaches that otherwise haven’t been reported to the media. As such, organizations must prepare for greater public visibility of incidents – particularly smaller incidents that otherwise may not receive any public awareness beyond the letter recipients – now that all Massachusetts notifications will be posted online.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BakerHostetler | Attorney Advertising

Written by:

BakerHostetler
BakerHostetler
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

BakerHostetler on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide