August 9, 2020

Volume X, Number 222

August 07, 2020

Subscribe to Latest Legal News and Analysis

August 06, 2020

Subscribe to Latest Legal News and Analysis

Massachusetts Changes Data Breach Notification Requirements

The Governor of Massachusetts has just signed into law amendments to the state’s data breach notification law. The amendments will go into effect April 11, 2019. Under the amended law, companies whose breaches involve Social Security numbers must provide free credit monitoring services to affected individuals. The services must last 18 months (42 months if the breached company is a credit reporting agency). Companies can’t require individuals to waive their rights to sue in order to get free credit monitoring and must certify to the state that the services provided comply with the law.

The amended law includes new requirements for consumer breach notices. Those notices must now describe any required credit monitoring services and identify a breached company’s parent company if it has one. A company won’t be able to delay sending notices while it identifies all affected consumers, but must send notices on a rolling basis. The amended law also requires more information in notices to state regulators. Breach notices to the two state regulators must now identify the person responsible for the breach (if it is known), the person reporting the breach, and the types of personal information compromised. Notices must also describe the steps taken by the company after the breach—including whether the company has revised its written information security program.

Putting it Into Practice: Companies with a nationwide incident response plan should keep in mind this expanded (18) month credit monitoring requirement.

Copyright © 2020, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume IX, Number 29


About this Author

Shanna Pearce, Sheppard Mullin, San Diego, litigation, class action, intellectual property, IP, copyrights, false advertising, commercial litigation, lanham act, unfair competition

Ms. Pearce represents businesses in the areas of intellectual property and commercial litigation, from trademark and copyright matters to consumer class actions. She has represented Fortune 500 companies in complex actions involving allegations of copyright violation, breach of contract, fraud, and unfair business practices. She has also defended retailers and financial institutions in class actions alleging violations of statute and federal laws relating to false advertising, unfair competition, pricing practices, and lending disclosures. Ms. Pearce’s litigation...