Massachusetts Expands Breach Notification Requirements

Overview

Massachusetts Governor Charlie Baker recently signed House Bill 4806, amending the state’s data breach notification law. In relevant part, the amendment expands the information that must be reported to Massachusetts regulators in connection with a data breach involving the personal information of Massachusetts residents, imposes new requirements on compromised entities, and adds some clarification to when entities are required to issue notice of a breach. Companies should update their incident response to incorporate these changes and review their written information security policies and procedures for any compliance gaps. 

Advisor Thinking