Ask Reggi Your Question Now
Can you summarize MGL Chapter 93H, Section 3A?
SECURITY BREACHES > Breaches of security including social security numbers; offer of credit monitoring services required
Short Summary
This section of the Massachusetts General Law governs breaches of security that involve social security numbers. If a person or agency knows or has reason to know that they have experienced a security breach that includes a social security number, they are required to contract with a third party to offer credit monitoring services at no cost to the affected residents. The duration of the credit monitoring services should be at least 18 months, or 42 months if the person or agency experiencing the breach is a consumer reporting agency. The contracts for credit monitoring services should not include reciprocal agreements for services in lieu of payment or fees. The person or agency must provide all necessary information for residents to enroll in credit monitoring services and include information on how to place a security freeze on their consumer credit report. The document also states that a person or agency cannot require residents to waive their right to a private right of action as a condition of the offer of credit monitoring services. The Department of Consumer Affairs and Business Regulation may issue regulations interpreting and applying this section.
Whom does it apply to?
Persons or agencies that experience a breach of security
What does it govern?
Breaches of security including social security numbers
What are exemptions?
No exemptions are mentioned.
What are the Penalties?
Not specified.
Jurisdiction
Massachusetts