small-logo
ProfessionalsCapabilitiesInsights & NewsCareersLocations
About UsAlumniOpportunity & InclusionPro BonoCorporate Social Responsibility
Stay Connected:
facebookinstagramlinkedintwitteryoutube
  1. Privacy & Data Security

Blog

Massachusetts Attorney General Announces New Online Tool for Data Breach Reporting

  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page
  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page

Blog

Massachusetts Attorney General Announces New Online Tool for Data Breach Reporting

  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page

1 Min Read

Related Locations

Chicago

Related Topics

Data Breach
Consumer Privacy

Related Capabilities

Privacy & Data Security
Compliance Programs

February 28, 2018

Massachusetts Attorney General Maura Healey recently launched a Data Breach Reporting Online Portal which will allow businesses to report data breaches online in lieu of sending hard copy notices. Massachusetts enacted a data breach notification law in 2007, which requires any entity that owns or licenses a consumer’s personal information to timely report data breaches to the Office of the Attorney General, the Office of Consumer Affairs and Business Regulations (OCABR), and all affected Massachusetts residents. Entities must disclose information regarding the nature of the breach, the number of affected residents, and any remedial action the entity has taken or plans to take.     

The new online portal is voluntary, and businesses can still submit hard copy notices to the attorney general’s office. Although businesses will still need to notify affected residents and OCABR of any breach separately, Massachusetts Attorney General Healey believes the electronic database will allow information to be shared more efficiently. The Massachusetts Attorney General’s Office also announced plans to roll out a publicly available database that will provide consumers with information about reported breaches. More than 21,000 breaches have been reported to the attorney general’s office since November 2007, when the office began handling such notices.

TIP: While the Massachusetts electronic breach reporting portal is optional, it is important to keep in mind that a growing number of states have specific forms, portals, and other requirements for notifying state regulators in the event of a breach. 

This entry has been created for information and planning purposes. It is not intended to be, nor should it be substituted for, legal advice, which turns on specific facts.

Logo
facebookinstagramlinkedintwitteryoutube

Copyright © 2025. Winston & Strawn LLP

AlumniCorporate Transparency Act Task ForceDEI Compliance Task ForceEqual Rights AmendmentLaw GlossaryThe Oval UpdateWinston MinutePrivacy PolicyCookie PolicyFraud & Scam AlertsNoticesSubscribeAttorney Advertising