For Immediate Release - May 25, 2016

Office of Consumer Affairs and Business Regulation Introduces Online Data Breach Notification

Boston, MA (May 25, 2016) — The Office of Consumer Affairs and Business Regulation today announced the introduction of an electronic data breach submission portal aimed at simplifying the notification requirement for individuals and businesses by providing a standard form to collect specific information required by law relative to a data breach.

The Massachusetts Data Security Law (M.G.L. c.93H) requires any entity that keeps a consumer’s personal information to notify affected Massachusetts residents, the Office of Consumer Affairs and Business Regulation, and the Attorney General’s Office anytime personal information is accidentally or intentionally compromised.         

“Since the law’s inception in 2007, businesses have always been required to notify the Office of Consumer Affairs of a data breach,” said Undersecretary John Chapman. “Our Office wanted to streamline the reporting process while still collecting the information from businesses that the law requires. This new portal accomplishes that, making it administratively more efficient for our Office and providing uniformity for those entities that are required to notify us of data breaches.”

The new electronic form available at  does not prohibit entities from notifying the office via mail and the submission does not relieve businesses of their legal obligation to separately notify the Attorney General’s Office and affected Massachusetts residents.

The Office of Consumer Affairs and Business Regulation is committed to protecting consumers through consumer advocacy and education, and also works to ensure that the businesses its agencies regulate treat all Massachusetts consumers fairly. Follow the office at its blog, on Facebook, and on Twitter @Mass Consumer.

# # #