The Massachusetts Attorney General’s office presented a new tool for reporting online data breach. The objective of this tool is to assist breached entities in quickly submitting breach notices. As demanded by the Massachusetts data breach notification law (M.GL.c. 93H), businesses must alert the Massachusetts attorney general’s office as soon as they encounter a breach of personal data. The notification need to be sent in immediately and without needless delay. Additionally, the episode should be reported to the Director of the Office of Consumer Affairs and Business Regulation (OCABR). Persons impacted by the breach should also get notices.
Massachusetts Attorney General Maura Healy mentioned the risk of identity theft and financial scams brought on by data breaches. Therefore, breaches should be reported to law enforcement and clients right away. Using the new data breach reporting tool, reporting breaches is a lot more efficient. It would permit taking steps and sharing info with the general public sooner. The Mass. Attorney General’s office is going to upload a database to its site summarizing the data breaches impacting state locals. This website will be similar to the Department of Health and Human Services’ Office for Civil Rights’ breach portal. There’ll be a section known as “Wall of Shame.” It lists organizations that experienced breaches showing the date the breaches took place and the number of individuals affected by the breach.
The online portal and data breach listing is the state’s project that shows how much it is dedicated to providing residents quick notification of data breaches. It is essential to let people do something right away to offset risks. Businesses must also be held responsible for security breaches to make certain something is carried out to stop the same incident.
Massachusetts was the first state to make the company Equifax responsible for its faults. It happened a year ago that a breach by Equifax caused Attorney General Healy to issue an enforcement action versus Equifax seeking civil penalties, restitution, disgorgement of income, costs and attorney’s fees as well as injunctive relief to void harm to state locals.
Massachusetts is one of the few states that use the right to pursue financial fines when healthcare organizations break HIPAA Rules. It will remain to do so and will be sure to make companies address weaknesses and execute reasonable safeguards to keep state residents’ PHI protected.