The Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) has published an online list of data breach notifications issued each year to Massachusetts residents since 2007, the inception of the Commonwealth’s data breach notification law. The list identifies the entity that was breached; the number of Massachusetts residents affected; whether the breach was of electronic or paper records; whether social security, drivers’ license, credit, or debit card numbers were accessed; whether the data was encrypted; whether a mobile device was lost or stolen; and whether credit monitoring or other relief was offered to the individuals affected.

These lists are being published in response to a new Massachusetts state law requiring state government to make certain records available online for residents, including “information of significant interest” on the Internet. Previously, breach notification information from Massachusetts could only be obtained through a public records request.

Under Massachusetts law, OCABR and the State Attorney General, as well as affected Massachusetts individuals are notified of the occurrence of a data breach. Notably, Massachusetts law, requires that the breach notice sent to Massachusetts residents not include a description of the nature of or specify the number of individuals affected. Unless the information is published by state regulators or by the media, affected individuals frequently don’t learn the details of a breach or how many other residents were affected by a breach. This new list will allow residents to learn more information about the scope of a breach, although not until the list for the applicable year is published.

Tags: Consumer Affairs and Business Regulation, Massachusetts, OCABR
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Kathleen Porter Kathleen Porter

Kathy Porter’s practice straddles the areas of intellectual property, business transactions, trade regulation, and Internet law and includes import/export control issues, such as compliance and enforcement, competition, privacy, and data security. She counsels businesses on the development and implementation of data security and…

Kathy Porter’s practice straddles the areas of intellectual property, business transactions, trade regulation, and Internet law and includes import/export control issues, such as compliance and enforcement, competition, privacy, and data security. She counsels businesses on the development and implementation of data security and privacy practices to comply with the patchwork of laws and rules applicable to the collection, use, safeguarding, sharing, and transfer of protected or personal data. She regularly structures arrangements with promoters, marketers, website exchanges, and other third parties for the purchase, sale, sharing, and safeguarding of personal data. Kathy prepares and negotiates representations, warranties, and indemnities regarding personal or protected data and privacy and data practices. She also assists clients with privacy audits and works with third-party certification organizations to obtain certification of companies’ privacy practices. She guides clients through internal investigations to assess and address notice and other obligations regarding privacy breaches. Kathy often works closely with our litigation attorneys to manage external investigations such as those by federal or state regulators. Read her rc.com bio here.

Read more about Kathleen Porter
Show more Show less
Related Posts
Precious-Metal Refiner Hit with Data Breach Class Action over 2023 Cyber-Attack
November 7, 2024
Columbus, Ohio Notifies 500,000 of Data Breach from Ransomware Attack
November 7, 2024
Tracfone Settles FCC Investigation for $16 Million
July 25, 2024