Bill > H358

This bill amends Massachusetts law regarding the protection of personal financial information by expanding requirements for businesses that own or handle residents' personal data. The Department of Consumer Affairs and Business Regulation will now mandate that organizations develop comprehensive information security programs with administrative, technical, and physical safeguards designed to protect personal information. Specifically, businesses must designate employees to coordinate their security program, identify and assess potential internal and external risks to sensitive financial and personal information, implement safeguards to control those risks, and regularly evaluate the effectiveness of their security measures. Additionally, companies must take reasonable steps to ensure that third-party service providers can also maintain appropriate information protection standards. The bill also updates notification requirements for data breaches, mandating that consumers be informed about their rights, including how to obtain a police report and request a security freeze from consumer reporting agencies. Businesses will be considered compliant if they already adhere to specific federal regulations related to information security, such as those outlined in certain sections of U.S. Code Title 15 and Title 42.

Labor and Employment

https://malegislature.gov/Bills/194/H358