Massachusetts passed a bill amending security breach disclosure requirements. Under the bill, persons that own or license personal information about Massachusetts residents must offer credit monitoring services to each Massachusetts resident whose social security number was divulged (or is reasonably believed to have been divulged) during a breach of security. The credit monitoring services must be offered at no cost to the resident for a period of 18 months. In addition, the bill: amended the content of the security breach disclosure provided to Massachusetts residents; amended the content of the security breach notification provided to the Attorney General and the Department of Consumer Affairs and Business Regulation (Department); now requires the filing of a report with the Attorney General and the Department certifying compliance with Massachusetts’s credit monitoring service requirements; and requires notification to the Attorney General and the Department in the event there is a change to the information contained in the security breach notification. The bill went effect April 10, 2019.
See the Commonwealth of Massachusetts Website for the full text of the Statutes: https://malegislature.gov/Bills/190/H4806.pdf
