X
    X
    X
    X

    Massachusetts Amendments Impose Additional Data Security Breach Requirements

    Publications

    On January 10, 2019, Massachusetts Governor Baker signed “An Act relative to consumer protection from security breaches” (House Bill No. 4806), which added new requirements and obligations for companies that experience a data breach.  The new requirements impose expanded content requirements for breach notices provided to Massachusetts state agencies, including contact and other information for the person reporting the breach of security, identification of the person responsible for the breach, and the types of personal information compromised.

    The new law also expands content requirements for breach notifications to affected individuals, including that there is no charge for a security freeze, a description of mitigation services, and the identity of a parent company if the breached company is a subsidiary.  Sample notices to individuals must be filed with the attorney general and with the office of consumer affairs and business regulation, which must post the sample notice on its website.

    Breach notices cannot be delayed on the grounds that the total number of affected individuals has not been ascertained.

    In addition, in breaches involving Social Security numbers, free credit monitoring services must be offered to affected individuals for at least 18 months; at least 42 months of free services where the breach involves a consumer reporting agency.  Consumers cannot be required to waive rights to sue as a condition of accepting the services.

    The post Massachusetts Amendments Impose Additional Data Security Breach Requirements appeared first on Insurance & Reinsurance.

    Explore Additional Topics

    Disclaimer

    Please understand that your communications with Locke Lord LLP through this website do not constitute or create an attorney-client relationship with Locke Lord LLP. Any information you send to Locke Lord LLP through this website is on a non-confidential and non-privileged basis. Therefore, do not send or include any information in your email that you consider to be confidential or privileged.