Data Violations to be Publicly Listed Online in Massachusetts

Feb 5, 2018

Massachusetts Attorney General Maura Healey has revealed the launch of a new Internet-based data breach reporting application. The aim is to allow breached organizations to file breach notifications with the Attorney General’s office as simply as possible.

Under Massachusetts data breach notification legislation (M.G.L. c. 93H), organizations experiencing a breach of personal information must file a notification with the Massachusetts Attorney General’s office as soon as it is possible to do so and without unnecessary delay. Breaches must also be reported to the Director of the Office of Consumer Affairs and Business Regulation (OCABR), and notifications must be issued to affected individuals.

“Data breaches are damaging, costly and put Massachusetts residents at risk of identity theft and financial fraud – so it’s vital that businesses come forward quickly after a breach to inform consumers and law enforcement,” stated Healey. “This new feature allows businesses to more efficiently report data violations so we can take action and share information with the public.”

In relation to the latter, the Massachusetts Attorney General’s office will soon publish a database on its website that will allow the public to view a summary of data breaches affecting state residents, similar to the breach portal maintained by the Department of Health and Human Services’ Office for Civil Rights (OCR). The Massachusetts Attorney General’s “Wall of Shame” will list the organizations that have been hit by data breaches, the dates the breaches are believed to have happened, and the number of state residents thought to have been impacted.

The new Internet-based portal and breach listings are part of the state’s commitment to ensuring that state residents are quickly notified about data breaches so they can take swift action to mitigate risk.

Massachusetts is also dedicated to holding businesses responsible when security breaches occur that could easily have been avoided.

In 2017, following reports of a breach at Equifax, Attorney General Healey filed an enforcement action against the credit monitoring company seeking civil fines, disgorgement of profits, restitution, costs, and attorneys’ fees, along with injunctive relief to prevent harm to state residents. Massachusetts was the first state to bring such an enforcement action against the company.

At the time, Healey commented, “We are suing because Equifax needs to pay for its mistakes, make our residents whole, and fix the problem so it never happens again.”

Massachusetts is also one of a small number of states that have exercised the right to pursue financial penalties when healthcare organizations violate HIPAA Rules and expose patients’ health data. The state will continue to penalize firms that do not address flaws and do not put in place reasonable security measures to keep the personal information of state residents safe.


Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelor's degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:
