Guide to Massachusetts Data Privacy Laws

Overview of Laws

M.G.L.  93H

  • Defines Personal Information.
  • Requires the state and affected parties be notified in the event of a security breach or unauthorized usage of personal information.

M.G.L. 93I

  • Requires that personal information be destroyed in a manner that leaves it unrecoverable.

201 CMR 17.00

  • Requires certain steps to verify that third party vendors with access to personal information do not introduce risk.
  • Requires limiting the amount of personal information collected. 

M.G.L. Ch. 93H defines Personal Information as an individual’s name in combination with any of the following:

  • Social Security Number
  • Driver’s License Number
  • State Identification Card Number
  • Financial Account Number, credit or debit card number

In addition, M.G.L. Ch. 93I includes Biometric Indicators as Personal Information.