SENATE DOCKET, NO. 1093 FILED ON: 1/19/2017
SENATE . . . . . . . . . . . . . . No. 179
|
The Commonwealth of Massachusetts
_________________
PRESENTED BY:
Eileen M. Donoghue
_________________
To the Honorable Senate and House of Representatives of the Commonwealth of Massachusetts in General
Court assembled:
The undersigned legislators and/or citizens respectfully petition for the adoption of the accompanying bill:
An Act relative to the cybersecurity of the Internet of Things and other smart devices.
_______________
PETITION OF:
Name: | District/Address: |
|
Eileen M. Donoghue | First Middlesex |
|
Tackey Chan | 2nd Norfolk | 1/27/2017 |
Jennifer L. Flanagan | Worcester and Middlesex | 2/1/2017 |
Barbara A. L'Italien | Second Essex and Middlesex | 2/2/2017 |
Sheila C. Harrington | 1st Middlesex | 2/3/2017 |
Eric P. Lesser | First Hampden and Hampshire | 2/3/2017 |
Chris Walsh | 6th Middlesex | 2/3/2017 |
Bruce E. Tarr | First Essex and Middlesex | 2/14/2017 |
SENATE DOCKET, NO. 1093 FILED ON: 1/19/2017
SENATE . . . . . . . . . . . . . . No. 179
By Ms. Donoghue, a petition (accompanied by bill, Senate, No. 179) of Eileen M. Donoghue, Tackey Chan, Jennifer L. Flanagan, Barbara A. L'Italien and other members of the General Court for legislation relative to the cybersecurity of the Internet of Things and other smart devices. Economic Development and Emerging Technologies. |
The Commonwealth of Massachusetts
_______________
In the One Hundred and Ninetieth General Court
(2017-2018)
_______________
An Act relative to the cybersecurity of the Internet of Things and other smart devices.
Be it enacted by the Senate and House of Representatives in General Court assembled, and by the authority of the same, as follows:
SECTION 1. Section 1 of chapter 93H of the General Laws, as appearing in the 2014 Official Edition, is hereby amended by adding the following definitions:-
“Internet of Things (IOT)”, a internetworking system of physical devices embedded with electronics, software, sensors, unique identifiers, and network connectivity that are able to collect and transfer personal information over a network without requiring human-to-human or human-to-computer interaction.
“IOT Personal Data”, information collected by an IOT device relating to an individual or individuals who can be identified, directly or indirectly, by reference to the IOT device’s unique identifier and to one or more factors specific to that individual’s physical, physiological, mental, economic, cultural or social identity.
SECTION 2. Section 2 of chapter 93H of the general laws, as so appearing, is hereby amended by striking out subsection (a) and inserting in place thereof the following subsection:-
“(a) The department of consumer affairs and business regulation shall adopt regulations relative to any person that owns or licenses personal information about a resident of the commonwealth, any person that manufactures any IOT device that collects personal information or IOT personal data about a resident of the commonwealth, and any person that manufactures any autonomous vehicle that uses or incorporates an IOT device in the vehicle that collects personal information or IOT personal data about a resident of the commonwealth. Such regulations shall be designed to safeguard the personal information and IOT personal data of residents of the commonwealth and shall be consistent with the safeguards for protection set forth in the federal regulations by which the person is regulated. The objectives of the regulations shall be to: insure the security and confidentiality of customer information in a manner fully consistent with industry standards; protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer. The regulations shall take into account the person's size, scope and type of business, the amount of resources available to such person, the amount of stored data, and the need for security and confidentiality of both consumer and employee information.”