October 27, 2020

Volume X, Number 301

Advertisement

October 27, 2020

Subscribe to Latest Legal News and Analysis

October 26, 2020

Subscribe to Latest Legal News and Analysis

Massachusetts Attorney General Creates Data Privacy and Security Division

The Massachusetts Office of the Attorney General has created a new Data Privacy and Security Division. This Division is charged with protecting consumers from the threats to the privacy and security of their data. The Attorney General, Maura Healey, announced “The Data Privacy and Security Division will build on our office’s commitment to empowering Massachusetts consumers in the digital economy, ensuring that companies are protecting personal data, and promoting equal and open access to the internet.”

Attorney General Healey announced that the Data Privacy and Security Division will “investigate and enforce the Massachusetts Consumer Protection Act and Data Breach Law to protect the security and privacy of consumers’ data.” This new Data Privacy and Security Division is the latest development in increasing efforts by Massachusetts officials to address cybersecurity concerns. In the Fall of 2019, Massachusetts Governor Charlie Baker introduced an expansive cybersecurity program, including statewide workshops for municipalities to work together to enhance their cybersecurity capabilities.

Notably, last Spring, Massachusetts updated its data breach notification law with changes that are likely to create opportunities for enforcement by the division. In particular, the new law expanded the content requirements for notifications to the Attorney General and Office of Consumer Affairs and Business Regulation (OCABR) to include, among other things, whether the business that experienced the breach maintains a written information security program (WISP) and whether they have updated the WISP.  Employers maintaining personal information of Massachusetts residents should revisit their incident response plan (or develop one).

Employers operating in Massachusetts or holding data on Massachusetts residents should be aware of the focus that Governor Baker and Attorney General Healey have placed on cybersecurity. These Massachusetts programs highlight the importance of conducting risk assessments to identify and address potential vulnerabilities to hackers as well as security risks created by employees and contractors.

Jackson Lewis P.C. © 2020National Law Review, Volume X, Number 261
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

Michael Bertoncini, Jackson Lewis, labor relations attorney, employment litigation lawyer, NLRB proceedings counsel, arbitration law
Principal

Michael R. Bertoncini is a Principal in the Boston, Massachusetts, office of Jackson Lewis P.C. He practices labor and employment law, with a particular emphasis on labor relations, and employment law counseling and litigation.

In labor relations matters, he regularly counsels clients on the practice of positive employee relations, negotiates collective bargaining agreements on behalf of organized clients, represents clients in labor arbitrations and National Labor Relations Board proceedings, and counsels clients with...

617-367-0025
Advertisement
Advertisement