MA law requires any entity, including independent agencies, to notify residents of a breach
The Office of Consumer Affairs and Business Regulations recently announced the introduction of a new online electronic data breach submission portal. The new portal allows individuals and businesses to easily comply with the notification requirement pursuant to the Massachusetts Data Security Law.
The law, codified in M.G.L. c. 93H, requires any entity safekeeping or storing a consumer’s personal information to notify any Massachusetts resident of a data breach in which that information is accidentally or purposefully compromised. In addition to notifying affected Massachusetts residents, the entity must also notify the Office of Consumer Affairs and Business Regulation as well as the Attorney General’s Office.
“Since the law’s inception in 2007, businesses have always been required to notify the Office of Consumer Affairs of a data breach,” said Undersecretary John Chapman. “Our Office wanted to streamline the reporting process while still collecting the information from businesses that the law requires. This new portal accomplishes that, making it administratively more efficient for our Office and providing uniformity for those entities that are required to notify us of data breaches.”
How to access the new online form
The new online data breach notification portal provides a standard form to collect specific information required by law relative to a data breach. It does not replace nor prohibit an entity from notifying a resident or the appropriate government agencies via mail. An online submission to the OCABR also does not relieve a business of their legal obligation to separately notify a Massachusetts resident or the AG’s office.
The new electronic form can be accessed at http://1.usa.gov/1XmXyBM
Over 1,000,000 Massachusetts residents affected by data breaches in 2015
According to the most recent data from the Office of Consumer Affairs and Business Regulations, there were 1,834 data breach notifications in 2015. As a result, approximately 1,338,048 Massachusetts residents were affected, almost a million more than was reported for all of 2014.
The following chart shows the growth in both the number of data breaches as well as Massachusetts residents affected since the OCABR began tracking data breaches in 2008, one year after the passing of the Massachusetts Data Security Law.