There’s a Form for That? Breach Notices and State Reporting Portals
The recent launch by Massachusetts Attorney General of an online data breach reporting portal is a reminder that many states have such online reporting mechanisms. In Massachusetts, companies that have suffered a data breach and are required to provide notice to the MA AG can either continue to submit a hard copy notice to MA, or can choose to use the portal.
Other states with online data breach submission forms include California, where the online submission is mandatory. Nebraska also has an online reporting process, but like MA, the use of the online submission process is optional. New Jersey also has an online process for reporting a cyber incident, in addition to a different process for reporting a breach. North Carolina also has companies submit breach notification through an online process.
Massachusetts requires companies to notify not just the attorney general, but also the Office of Consumer Affairs and Business Regulation. It, too, has an online reporting portal that can be used. Both portals can be accessed through the Attorney General’s page on Security Breaches.
Putting it Into Practice: The recent launch of the MA online portal is a reminder that of the various states with notification reporting requirements to state authorities, many have their own online process for companies to use.