HB Ad Slot
HB Mobile Ad Slot
Breach Response Portal Added by Massachusetts Regulator
Wednesday, April 27, 2016

If you have had to provide data breach notices across any number of states (and who hasn’t….), you would know that they vary widely in how those notices must be provided to state regulators. In some states (for example, California, North Carolina, Indiana, and New York), the Attorney General’s office has established an online portal that must be used for breach notices.  In still other states, notice letters must be sent to one or multiple regulators.

Pursuant to the Massachusetts data breach notification statute, M.G.L. 93H, notices must be provided to the affected resident, the Attorney General’s office and to the Office of Consumer Affairs and Business Regulation (OCABR). It is not enough that Massachusetts has a sui generis breach notice content statutory requirement (you must tell affected residents of the breach, but you can’t tell them about the breach), now the OCABR has created its own notice submission portal that is a separate form and not just a place to upload a copy of the AG notice. A letter sent out earlier this month also says “It is important to note that this electronic submission form only satisfies the notification requirement for OCABR.  The submission does not relieve businesses of their legal obligation to separately notify the AGO and the affected Massachusetts residents.”

Make sure you update your incident response plan to account for this additional notice requirement.

HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins