SENATE DOCKET, NO. 942        FILED ON: 1/16/2019

SENATE  .  .  .  .  .  .  .  .  .  .  .  .  .  .  No. 100

 

The Commonwealth of Massachusetts

_________________

PRESENTED BY:

Joseph A. Boncore

_________________

To the Honorable Senate and House of Representatives of the Commonwealth of Massachusetts in General
Court assembled:

The undersigned legislators and/or citizens respectfully petition for the adoption of the accompanying bill:

An Act relative to data breach notification.

_______________

PETITION OF:

 

Name:

District/Address:

Joseph A. Boncore

First Suffolk and Middlesex


SENATE DOCKET, NO. 942        FILED ON: 1/16/2019

SENATE  .  .  .  .  .  .  .  .  .  .  .  .  .  .  No. 100

By Mr. Boncore, a petition (accompanied by bill, Senate, No. 100) of Joseph A. Boncore for legislation relative to data breach notification.  Consumer Protection and Professional Licensure.

 

The Commonwealth of Massachusetts

 

_______________

In the One Hundred and Ninety-First General Court
(2019-2020)

_______________

 

An Act relative to data breach notification.

 

Be it enacted by the Senate and House of Representatives in General Court assembled, and by the authority of the same, as follows:
 

SECTION 1. Subsection (a)(2) of section 3 of chapter 93H of the General Laws, as appearing in the 2016 Official Edition, is hereby amended by inserting after “was acquired or used by an unauthorized person or used for an unauthorized purpose” the following text: “that creates a substantial risk of identity theft or fraud”.

SECTION 2.  Said subsection (b)(2) of said section 3 of said chapter 93H , as appearing,, is hereby further amended by inserting after “was acquired or used by an unauthorized person or used for an unauthorized purpose” the following text: “that creates a substantial risk of identity theft or fraud”.

SECTION 3. Said subsection (b) of said section 3 of said chapter 93H, as so appearing, is hereby further amended by striking out the last paragraph and inserting in place thereof the following paragraph:-

The notice to be provided to the resident shall include, but shall not be limited to: (i) the resident’s right to obtain a police report; (ii) how a resident may request a security freeze and the necessary information to be provided when requesting the security freeze; (iii) that there shall be no charge for a security freeze; and (iv) mitigation services to be provided pursuant to this chapter; provided, however, that said notice shall not include the nature of the breach of security or unauthorized acquisition or use, or the number of residents of the commonwealth affected said breach of security or unauthorized access or use. The person or agency that experienced the breach of security shall provide a sample copy of the notice it sent to consumers to the attorney general and the office of consumer affairs and business regulation.