This page, Notifications in the event of a data breach, is part of
This page, Notifications in the event of a data breach, is offered by

Notifications in the event of a data breach

Any business or organization that has the personal information of people in Massachusetts must notify the Attorney General’s Office, the Office of Consumer Affairs and Business Regulations, and any victims in the event of a data breach.

The notification must include:

  • The nature of the breach
  • The number of residents affected by the breach
  • Any steps the agency has taken or plans to take relating to the incident
  • How to obtain a police report
  • Instructions for requesting a credit freeze

Notifications can be written or distributed electronically. The only time a notification can be delayed is when a law enforcement agency determines that the notification will impede a criminal investigation.

Feedback