Massachusetts Launches Online Data Breach Reporting Portal
Massachusetts Attorney General Maura Healey has launched a new Data Breach Reporting Online Portal, which businesses and organizations can use to provide notice to the AG’s Office as required by the Massachusetts Data Breach Notification Law.
The portal, available through the AG’s website, gives organizations the option of reporting data breaches online to the AG’s Office in lieu of delivering a hard copy notice. Its aim is to make it easier and more efficient to report data breaches that affect Massachusetts residents.
The use of the portal is voluntary and entities can still send written notice to the AG’s Office through mail. Use of the portal also does not relieve an organization of its obligations to notify the Office of Consumer Affairs and Business Regulation (OCABR) and affected Massachusetts residents.
Since November 2007, the AG’s Office has received notice of more than 21,000 breaches, with 3,821 breaches reported in 2017 affecting more than 3.2 million residents, according to the release.
The Massachusetts Data Breach Notification Law was enacted on Aug. 2, 2007, and since then, the AG’s Office has focused on making sure consumers receive proper notice when their information is put at risk by a data breach.
The law requires any entity that owns or licenses a consumer’s personal information to notify affected Massachusetts residents, OCABR and the AG’s Office any time personal information is accidentally or intentionally compromised.
In September 2017, following a major data breach at credit reporting firm Equifax Inc., Healey filed the nation’s first enforcement action over the company’s failure to protect the personal information of nearly three million Massachusetts residents and also announced proposed legislation to better protect consumers from data breaches.
Data breaches may occur due to intentional hacking or because of human error, such as sending an e-mail to the wrong person or losing a laptop. Institutions experiencing data breaches range from the large institutions to small businesses with only one or two employees.
A database that allows members of the public to view information online about reported data breaches is expected to be available on the AG’s website in the coming weeks, the release said. It will allow consumers to see which businesses have reported data breaches and when, as well as the estimated number of affected Massachusetts residents.
Source: Massachusetts Office of the Attorney General
- California Commissioner Orders Insurance Cancelation Moratorium for 185K Residents
- More People Moving In Than Out of Counties With High Catastrophe Risk
- Florida Insurer Can’t Object to Appraiser After the Award Is Decided, 11th Circuit Says
- Liberty Mutual’s ‘Deliberate Actions’ Keep It on Path to Profit