February 4, 2018
Massachusetts Attorney General Maura Healey has announced the launch of a new online data breach reporting tool. The aim is to make it as easy as possible for breached entities to submit breach notices to the Attorney General’s office.
Under the Massachusetts data breach notification law (M.G.L. c. 93H), companies that experience a breach of private information should submit a notice to the Massachusetts Attorney General’s office as soon as it is possible to do so and without needless delay. Breaches should also be reported to the Director of the Office of Consumer Affairs and Business Regulation (OCABR), and notices should be issued to affected people.
“Data breaches are harmful, expensive and put Massachusetts inhabitants at risk of identity thievery and financial scam – therefore it’s crucial that companies come forward swiftly after a breach to notify law enforcement and consumers,” said Healey. “This new quality lets companies more efficiently inform data breaches so we can take action and share information with the community.”
Regarding the latter, the Massachusetts Attorney General’s office will shortly be uploading a database to its website that will let the public see a summary of data breaches affecting state residents, similar to the breach portal maintained by the Division of Health and Human Services’ Office for Civil Rights. The Massachusetts Attorney General’s “Wall of Shame” will list the companies that have suffered data breaches, the dates the breaches are believed to have occurred, and the number of state residents believed to have been affected.
The new online portal and breach listings are part of the state’s commitment to ensuring that state residents are informed quickly about data breaches, so they can take prompt action to reduce risk.
Massachusetts is also committed to holding companies accountable when they experience security breaches that could easily have been avoided.
Last year, after being notified of a breach by Equifax, Attorney General Healey filed an enforcement action against the credit reporting company seeking civil fines, disgorgement of costs, profits, restitution, and attorneys’ fees, in addition to injunctive relief to prevent harm to state residents. Massachusetts was the first state to bring such an enforcement action against the company.
At the time, Healey said, “We are prosecuting since Equifax should pay for its errors, make our inhabitants whole, and resolve the issue so it never occurs once again.”
Massachusetts is also among the few states that have exercised the right to pursue financial penalties when healthcare companies violate HIPAA laws and disclose patients’ health information. The state will continue to penalize companies that fail to address weaknesses and do not implement reasonable protections to keep the private information of state residents safe.