Guide to Massachusetts Data Privacy Laws
Overview of Laws
- Defines Personal Information.
- Requires the state and affected parties be notified in the event of a security breach or unauthorized usage of personal information.
- Requires that personal information be destroyed in a manner that leaves it unrecoverable.
- Requires certain steps to verify that third party vendors with access to personal information do not introduce risk.
- Requires limiting the amount of personal information collected.
M.G.L. Ch. 93H defines Personal Information as an individual’s name in combination with any of the following:
- Social Security Number
- Driver’s License Number
- State Identification Card Number
- Financial Account Number, credit or debit card number
In addition, M.G.L. Ch. 93I includes Biometric Indicators as Personal Information.