Massachusetts Attorney General Maura Healey has launched a new Data Breach Reporting Online Portal, which businesses and organizations can use to provide notice to the AG’s Office as required by the Massachusetts Data Breach Notification Law.
The portal, available through the AG’s website, gives organizations the option of reporting data breaches online to the AG’s Office in lieu of delivering a hard copy notice. Its aim is to make it easier and more efficient to report data breaches that affect Massachusetts residents.
The use of the portal is voluntary and entities can still send written notice to the AG’s Office through mail. Use of the portal also does not relieve an organization of its obligations to notify the Office of Consumer Affairs and Business Regulation (OCABR) and affected Massachusetts residents.
“Data breaches are damaging, costly and put Massachusetts residents at risk of identity theft and financial fraud, so it’s vital that businesses come forward quickly after a breach to inform consumers and law enforcement,” said Healey in a press release issued by the Massachusetts Office of the Attorney General. “This new feature allows businesses to more efficiently report data breaches so we can take action and share information with the public.”
Since November 2007, the AG’s Office has received notice of more than 21,000 breaches, with 3,821 breaches reported in 2017 affecting more than 3.2 million residents, according to the release.
The Massachusetts Data Breach Notification Law was enacted on Aug. 2, 2007, and since then, the AG’s Office has focused on making sure consumers receive proper notice when their information is put at risk by a data breach.
The law requires any entity that owns or licenses a consumer’s personal information to notify affected Massachusetts residents, OCABR and the AG’s Office any time personal information is accidentally or intentionally compromised.
In September 2017, following a major data breach at credit reporting firm Equifax Inc., Healey filed the nation’s first enforcement action over the company’s failure to protect the personal information of nearly three million Massachusetts residents and also announced proposed legislation to better protect consumers from data breaches.
Data breaches may occur due to intentional hacking or because of human error, such as sending an e-mail to the wrong person or losing a laptop. Institutions experiencing data breaches range from the large institutions to small businesses with only one or two employees.
A database that allows members of the public to view information online about reported data breaches is expected to be available on the AG’s website in the coming weeks, the release said. It will allow consumers to see which businesses have reported data breaches and when, as well as the estimated number of affected Massachusetts residents.
Source: Massachusetts Office of the Attorney General