Ask Reggi Your Question Now
Can you summarize MGL Chapter 93H?
REGULATION OF TRADE > SECURITY BREACHES
Short Summary
This section of the Massachusetts General Law governs security breaches and the protection of personal information of Massachusetts residents. It imposes a duty on persons or agencies that maintain or store personal information about residents of Massachusetts to report any known security breach or unauthorized use of such information. The duty includes providing notice to the owner or licensor of the data, as well as to the attorney general, the director of consumer affairs and business regulation, and the affected resident. The notice must include details about the breach or unauthorized use, the number of affected residents, the responsible person or agency, the type of personal information compromised, and any steps taken or planned to address the incident. The person or agency must also provide a sample copy of the notice to the attorney general and the office of consumer affairs and business regulation. Compliance with applicable federal laws, rules, regulations, guidance, or guidelines regarding breach response procedures is deemed to be in compliance with this chapter. The document does not specify specific penalties for non-compliance or violations.
Whom does it apply to?
Persons or agencies that maintain or store personal information about residents of Massachusetts, executive offices and their agencies, departments, boards, commissions, and instrumentalities, authorities created by the General Court, legislative branch, judicial branch, attorney general, state secretary, state treasurer, and state auditor
What does it govern?
Security breaches and the protection of personal information of Massachusetts residents
What are exemptions?
Compliance with the requirements of any applicable general or special law or federal law regarding the protection and privacy of personal information is not relieved by this chapter. However, a person or agency who maintains procedures for responding to a breach of security pursuant to federal laws, rules, regulations, guidance, or guidelines is deemed to be in compliance with this chapter if they notify affected Massachusetts residents in accordance with the maintained or required procedures.
What are the Penalties?
No specific penalties are mentioned in the provided document.
Jurisdiction
Massachusetts