related to

Reporting data breaches to affected residents

If you know or have reason to know that your organization has experienced a data breach covered by the Breach Notification Law, you must notify all affected residents with a written Consumer Notice.

The Consumer Notice must include, but is not limited to:

  • The resident’s right to obtain a police report
  • How the resident can request a credit freeze
  • The information a resident will need to request a credit freeze
  • That there is no fee for requesting, temporarily lifting, or permanently removing a security freeze with any of the consumer reporting agencies

A sample letter containing information you must provide each affected consumer is available here

In addition, if the information involved in the incident includes social security numbers of Massachusetts residents, you must also provide each affected consumer with free credit monitoring services. Please consult the Breach Notification Law for more information about this mandate. 

 

Feedback