On January 10th Massachusetts Gov. Charlie Baker signed into law H. 4806, a new piece of legislation that amends the state’s existing data breach law to give citizens more rights and protections particularly against identity fraud. New requirements include that in the event of a data breach, any entity that owns or licenses personal data of Massachusetts citizens must report the exact information stolen to the Massachusetts attorney general and the Office of Consumer Affairs and Business Regulation.
If there are social security numbers compromised as part of the data breach, the company involved must offer credit monitoring services to affected customers for at least 18 months, and the company cannot delay notifying its customers on the basis of needing to determine individuals impacted. The new law takes effect on April 11, 2019.