Making it easier and more efficient to report data breaches that affect Massachusetts residents, Attorney General Maura Healey today launched a new Data Breach Reporting Online Portal, which businesses and organizations can use to provide notice to the AG\u2019s Office as required by the Massachusetts Data Breach Notification Law. \n\nThe portal, available through the AG\u2019s website, gives organizations the option of reporting data breaches online to the AG\u2019s Office in lieu of delivering a hard copy notice. \n\n\u201cData breaches are damaging, costly and put Massachusetts residents at risk of identity theft and financial fraud \u2013 so it\u2019s vital that businesses come forward quickly after a breach to inform consumers and law enforcement,\u201d said AG Healey. \u201cThis new feature allows businesses to more efficiently report data breaches so we can take action and share information with the public.\u201d\n\nSince November 2007, the AG\u2019s Office has received notice of more than 21,000 breaches, with 3,821 breaches reported in 2017 affecting more than 3.2 million residents.\n\nIn September 2017, following a major data breach at credit reporting firm Equifax Inc., AG Healey filed the nation\u2019s first enforcement action over the company\u2019s failure to protect sensitive and personal information of nearly three million Massachusetts residents and also announced proposed legislation that will better protect consumers from data breaches.\n\nThe Massachusetts Data Breach Notification Law (M.G.L. c. 93H) requires any entity that owns or licenses a consumer\u2019s personal information to notify affected Massachusetts residents, the Office of Consumer Affairs and Business Regulation\u00a0(OCABR), and the AG\u2019s Office any time personal information is accidentally or intentionally compromised. \n\nData breaches may occur due to intentional hacking or because of human error, such as sending an e-mail to the wrong person or losing a laptop. Institutions experiencing data breaches range from the largest, most sophisticated institutions in the state to small businesses with only one or two employees. While many breaches affect a relatively small number of consumers, many entities have experienced data breaches affecting large numbers of consumers.\n\nThe Massachusetts Data Breach Notification Law was enacted on Aug. 2, 2007, and since then the AG\u2019s Office has been focused on making sure consumers receive proper and prompt notice when their information is put at risk by a data breach. Notification is important so that consumers can guard against harm, ranging from unauthorized use of a credit card to identity theft.\n\nThe use of the portal is voluntary and entities can still send written notice to the AG\u2019s Office through mail. Use of the portal does not relieve an organization of its obligations under chapter 93H to also notify OCABR and affected Massachusetts residents. \n\nA database that allows members of the public to view information online about reported data breaches is expected to be available on the AG\u2019s website in the coming weeks. It will allow consumers to see which businesses have reported data breaches and when, as well as the estimated number of affected Massachusetts residents.\n\nMore information about the Massachusetts Data Breach Notification Law and an organization\u2019s reporting obligations under that law (including sample notice forms) is available on the AG\u2019s Guidance for Businesses on Security Breaches website.