Data Privacy Regulation & Management » New Massachusetts Privacy Laws

In Brief

New Massachusetts Privacy Laws – Breach Notification Requirements

Submitted by Steve Meltzer on March 9, 2009 – 9:36 pm Comments

[Updated October 15, 2009 for compliance with new amendments to the regulations]

by Stephen E. Meltzer, Esq., CIPP

Breach Notification Requirements

Section 3 of Chapter 93H contains specific reporting requirements for breaches related to personal information. According to the statute, if the possessor or owner of the information knows, or has reason to know that a breach has occurred, a notification requirement is triggered. The notification must be given if there is a breach of security or if there has been an unauthorized use or acquisition of personal information. Specifically, a possessor (who is not an owner) must notify the owner of the information. The owner must notify the Attorney General, the OCABR and the affected Massachusetts resident.

According to the Attorney General website:

“The notice to the Attorney General and the Director of Consumer Affairs and Business Regulation shall include, but not be limited to: (1) the nature of the breach of security or the unauthorized acquisition or use; (2) the number of Massachusetts residents affected by such incident at the time of notification; and (3) any steps the person or agency has taken or plans to take relating to the incident.” The AG has even provided a sample letter for the notification.

Popularity: 32% [?]

Share and Enjoy:

Africa »

South Africa privacy law impacts mobile phone subscriber numbers

Legislation in South Africa designed to track mobile phone users involved in the commissioning of a crime has had a negative impact on mobile penetration figures. Vodacom and MTN have said they have suffered subscriber …

More articles »

Asia »

Official Google Blog: A new approach to China

Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted …

More articles »

Europe »

UK: Recent ICO Enforcement cases – Data Protection Act (DPA)

15 June 2010
Basingstoke and North Hampshire NHS Trust has signed a formal Undertaking after an excel spreadsheet, containing 917 patients’ pathology results, was emailed via an unsecure address to another department. The spreadsheet was not password …

More articles »

North America »

Secretary Sebelius Announces Final Rules To Support ‘Meaningful Use’ of Electronic Health Records

Press Release from HHS (July 13, 2010):

WASHINGTON – U.S. Department of Health and Human Services Secretary Kathleen Sebelius today announced final rules to help improve Americans’ health, increase safety and reduce health care costs through …

More articles »

Me

Contact me

or use the

Privacy Links

Disclaimer

This website is for general information purposes only. Information posted is not intended to be legal advice. As Doug Cornelius so elegantly puts it, I am a lawyer, but I am not your lawyer.

Privacy Links

Disclaimer

(c) Stephen E. Meltzer 2009

New Massachusetts Privacy Laws – Breach Notification Requirements

Africa »

South Africa privacy law impacts mobile phone subscriber numbers

Asia »

Official Google Blog: A new approach to China

Europe »

UK: Recent ICO Enforcement cases – Data Protection Act (DPA)

North America »

Secretary Sebelius Announces Final Rules To Support ‘Meaningful Use’ of Electronic Health Records

Oceania »

AU: Gov’t wants ISP’s to record browsing history

South America »

Laptop with Belize birth certificate information stolen

Subscribers

Subscribe in Reader

Subscribe by Email

Categories

Me

LCA Trust

Contact me

Recent Posts

Most Commented

Most Popular