Notifications in the event of a data breach

Any business or organization that has the personal information of people in Massachusetts must notify the Attorney General’s Office, the Office of Consumer Affairs and Business Regulations, and any victims in the event of a data breach.

The notification must include:

  • The nature of the breach
  • The number of residents affected by the breach
  • Any steps the agency has taken or plans to take relating to the incident
  • How to obtain a police report
  • Instructions for requesting a credit freeze

Notifications can be written or distributed electronically. The only time a notification can be delayed is when a law enforcement agency determines that the notification will impede a criminal investigation.

Feedback

Did you find what you were looking for on this webpage? * required
We use your feedback to help us improve this site but we are not able to respond directly. Please do not include personal or contact information. If you need a response, please locate the contact information elsewhere on this page or in the footer.
We use your feedback to help us improve this site but we are not able to respond directly. Please do not include personal or contact information. If you need a response, please locate the contact information elsewhere on this page or in the footer.

If you need to report child abuse, any other kind of abuse, or need urgent assistance, please click here.

Feedback