Maura Healey, the Attorney General for Massachusetts, announced the release of a new online portal to allow businesses and enterprises to report data breaches quickly. Massachusetts state law mandates that any business or enterprise that handles a consumer’s personal information must alert the AG’s office in the event of a breach. Massachusetts defines personal information as social security numbers, driver’s license or state-issued identification card numbers, and financial account information.
By allowing businesses to submit a digital notice, the new online portal will help the AG’s office handle the sheer volume of received data breach reports. According to the Associated Press, Healey’s office has received more than 21,000 reports since the law went into effect in November of 2007. In 2017 alone the AG’s office received 3,821 reports of enterprise breaches, affecting million of citizens. This totals to an average of a little over ten reports of breaches a day.
AG Healey said in an official statement: “Data breaches are damaging, costly and put Massachusetts residents at risk of identity theft and financial fraud, so it’s vital that businesses come forward quickly after a breach to inform consumers and law enforcement. This new feature allows businesses to more efficiently report data breaches so we can take action and share information with the public.”
The release of this portal speaks to two very different realities in cybersecurity. On the one hand, the necessity of the portal to process the reports highlights the fundamental deluge of data breaches occurring every day—not just in Massachusetts but throughout the world. On the other hand, this does suggest that governments are beginning to fully recognize the modern hacking epidemic and the severity of each breach to consumers and enterprises alike. In order to truly enforce digital safety regulations, governments will need greater flexibility and versatility in their reporting systems to keep up with the barrage of attacks.
The web portal is available through the Massachusetts Attorney General’s website. A breached enterprise must still notify the office of Consumer Affairs and Business Regulation and affected Massachusetts residents even if they use the portal.
- More Expert Commentary and Coverage of the GetHealth Exposure - September 14, 2021
- GetHealth Platform Misconfiguration Exposes 61 Million Fitness-Tracking Records - September 13, 2021
- Panther Labs Releases State of SIEM 2021 Report - September 13, 2021