The Commonwealth’s Data Breach Security Law, Mass. General Law, Chapter 93H, has been in effect since October 31, 2007. The law requires businesses and others that own or license personal information of residents of Massachusetts to notify the Office of Consumer Affairs and Business Regulation and the Office of Attorney General when they know or have reason to know of a breach of security. They must also provide notice if they know or have reason to know that the personal information of a Massachusetts resident was acquired or used by an unauthorized person, or used for an unauthorized purpose. In addition to providing notice to government agencies, businesses or individuals that store or maintain personal information must notify the owner or licensor of the information if they know or have reason to know of such a breach, acquisition or use. See here for more information about requirements for businesses in reporting a security breach.

The following information is the number of data breach notifications that the Office has received since the notification law took effect. The below table also includes information about the number of Massachusetts residents affected by those data breaches.

Breaches and Residents Affected By Year

Year

# of Breach Notifications

# of MA Residents Affected

2007 (Nov to Dec)299,079
2008416717,053
2009436384,514
20104741,035,743
20114781,008,275
20121,143340,462
20131,8211,163,643
2014 (through end of February)34968,043

Find the 2012 Data Privacy Report here pdf format of 2012 Data Privacy Report
.
Find the 2013 Data Privacy Report here pdf format of 2013 Data Privacy Report