Saturday, January 28th is Data Privacy and Protection Day
Since 2007, January 28th has been honored as Data Privacy & Protection Day. The international holiday, which is observed in the United States, was founded with the express purpose of promoting greater awareness about the importance of privacy and the protection of personal data on the internet.
With that in mind, the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) announced earlier this month that its Data Breach Notification Archive would be web-based as of this month, allowing the public to peruse it online.
“The Data Breach Notification Archive is a public record that the public and media have every right to view,” said Consumer Affairs Undersecretary John Chapman. “Making it easily accessible by putting it online is not only in keeping with the guidelines suggested in the new Public Records law, but also with Governor Baker’s commitment to greater transparency throughout the Executive Office.”
Archive in response to Governor Baker’s Public Records Law Update
In June of 2016, Governor Baker signed an updated version of the Public Records Law. According to the OCABR, the updated law requires the online availability of certain public records. In response, individual agencies within the Commonwealth's government are now required to post public records containing information deemed of "significant interest" to the public.
A look at the number of Mass. residents affected by breaches since 2007
While 2016 saw the largest number of data breach notifications, 1866 in total, since the OCABR began tracking these statistics in 2007, it is important to note that the number of Massachusetts residents affected by those data breaches was significantly lower than the year before.
The following chart, provided by the OCABR, tracks both the number of breach notifications and the number of Mass. residents affected over the past nine years.
Why the Mass. insurance industry needs to know about this…
In Massachusetts, M.G.L. c. 93H, known as the Massachusetts Data Security Law, requires immediate notification when any personal information of a Massachusetts resident is either accidentally or intentionally compromised. Since most insurers and insurance agencies, as well as many insurtech companies, may have access to this information, they are required to comply with all aspects of this law.
What is a WISP?
WISP stands for Comprehensive Written Information Security Program. Any business handling personal information in Massachusetts should have a WISP in place in order to comply with 201 CMR 17.00.