SENATE DOCKET, NO. 1093        FILED ON: 1/19/2017

SENATE  .  .  .  .  .  .  .  .  .  .  .  .  .  .  No. 179

 

The Commonwealth of Massachusetts

_________________

PRESENTED BY:

Eileen M. Donoghue

_________________

To the Honorable Senate and House of Representatives of the Commonwealth of Massachusetts in General
Court assembled:

The undersigned legislators and/or citizens respectfully petition for the adoption of the accompanying bill:

An Act relative to the cybersecurity of the Internet of Things and other smart devices.

_______________

PETITION OF:

 

Name:                     District/Address:

Eileen M. Donoghue        First Middlesex
Tackey Chan               2nd Norfolk                    1/27/2017
Jennifer L. Flanagan      Worcester and Middlesex        2/1/2017
Barbara A. L'Italien      Second Essex and Middlesex     2/2/2017
Sheila C. Harrington      1st Middlesex                  2/3/2017
Eric P. Lesser            First Hampden and Hampshire    2/3/2017
Chris Walsh               6th Middlesex                  2/3/2017
Bruce E. Tarr             First Essex and Middlesex      2/14/2017


By Ms. Donoghue, a petition (accompanied by bill, Senate, No. 179) of Eileen M. Donoghue, Tackey Chan, Jennifer L. Flanagan, Barbara A. L'Italien and other members of the General Court for legislation relative to the cybersecurity of the Internet of Things and other smart devices.  Economic Development and Emerging Technologies.

 

The Commonwealth of Massachusetts

 

_______________

In the One Hundred and Ninetieth General Court
(2017-2018)

_______________

 

An Act relative to the cybersecurity of the Internet of Things and other smart devices.

 

Be it enacted by the Senate and House of Representatives in General Court assembled, and by the authority of the same, as follows:
 

SECTION 1. Section 1 of chapter 93H of the General Laws, as appearing in the 2014 Official Edition, is hereby amended by adding the following definitions:-

“Internet of Things (IOT)”, an internetworking system of physical devices embedded with electronics, software, sensors, unique identifiers, and network connectivity that are able to collect and transfer personal information over a network without requiring human-to-human or human-to-computer interaction.

“IOT Personal Data”, information collected by an IOT device relating to an individual or individuals who can be identified, directly or indirectly, by reference to the IOT device’s unique identifier and to one or more factors specific to that individual’s physical, physiological, mental, economic, cultural or social identity.

SECTION 2. Section 2 of chapter 93H of the General Laws, as so appearing, is hereby amended by striking out subsection (a) and inserting in place thereof the following subsection:-

“(a) The department of consumer affairs and business regulation shall adopt regulations relative to any person that owns or licenses personal information about a resident of the commonwealth, any person that manufactures any IOT device that collects personal information or IOT personal data about a resident of the commonwealth, and any person that manufactures any autonomous vehicle that uses or incorporates an IOT device in the vehicle that collects personal information or IOT personal data about a resident of the commonwealth. Such regulations shall be designed to safeguard the personal information and IOT personal data of residents of the commonwealth and shall be consistent with the safeguards for protection set forth in the federal regulations by which the person is regulated. The objectives of the regulations shall be to: insure the security and confidentiality of customer information in a manner fully consistent with industry standards; protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer. The regulations shall take into account the person's size, scope and type of business, the amount of resources available to such person, the amount of stored data, and the need for security and confidentiality of both consumer and employee information.”