Massachusetts Attorney General (AG) Maura Healey has announced that the state will offer an online portal where businesses can more easily report that they have experienced a data breach. Massachusetts will also offer consumers an electronic database to view reported breaches, similar to the online repositories operated by California, Maryland and other states. Affected companies will still have the option of providing hard-copy notifications to the state, as they do now.
Forty-eight states and D.C. have data breach notification laws (and if South Dakota’s bill is signed into law, it will be 49 states). Many of these laws have provisions requiring notice to the AG and/or allowing for AG enforcement, and state law enforcement officers have been heavily involved in data breach actions. Also extremely engaged in data breach litigation is the plaintiffs’ bar, which has been known to monitor state breach databases for potential lawsuits, using them as a roadmap for complaints.
For a more detailed look at the privacy and data security enforcement priorities of AG Healey, who is one of the thought leaders among AGs nationwide on these issues, check out our interview with her on the website of the International Association of Privacy Professionals.