February 15, 2022

Massachusetts Moving Closer to Comprehensive Data Privacy Protection

Bowditch & Dewey

+ Follow Contact

Send

Embed

The Commonwealth of Massachusetts is moving closer to passing consumer data privacy protection legislation with bipartisan support. The Joint Committee on Advanced Information Technology, the Internet and Cybersecurity brought forth the bill named the Massachusetts Information Privacy and Security Act (“MIPSA” or the “Act”).

The Act sets out requirements for companies that utilize consumer personal information, including placing limitations on the usage of such information, providing notice provisions to customers, and placing restraints on the practice of using personal information for a specific purpose. The detailed legislation is intended to provide greater consumer protections for usage of personal identifying information, requirements for companies using personal data as part of a business and enforcement of the new regulations by the Massachusetts Attorney General.

The legislation still requires support from other committees, passage in the legislature and approval by the Governor. Nevertheless, it appears that Massachusetts is moving closer to the passage of this legislation that will create a wide-ranging law governing data privacy and cybersecurity for consumers and companies doing business in Massachusetts. Apparently, the drafters of the legislation intend to have the final version of the Act serve as precedent for comprehensive federal legislation.

IMPACT ON CONSUMERS AND COMPANIES

The Act provides Massachusetts residents with the right to opt-out of certain data collection, the sale of personal data and the right to limit the use and disclosure of personal information. Further, the Act provides for a private right of action for individuals to litigate against companies that have over $25 million in annual revenue or companies that process the personal information of 100,000 or more of Massachusetts residents, or businesses that operate as data brokers. The law would also require the registration of data brokers with the Massachusetts Attorney General’s office and provide information regarding the privacy protocols established by a data broker.

The Act provides for governmental enforcement by the Massachusetts Attorney General’s office, who will be empowered to enforce the Act through investigations and the ability to levy fines against companies for failure to abide by the Act.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

Written by:

Bowditch & Dewey

Contact + Follow

less

Published In:

Consumer Privacy Rights

+ Follow

Corporate Counsel

+ Follow

Cybersecurity

+ Follow

Data Collection

+ Follow

Data Privacy

+ Follow

Data Protection

+ Follow

Data Security

+ Follow

Information Security

+ Follow

Opt-Outs

+ Follow

Personally Identifiable Information

+ Follow

Privacy Laws

+ Follow

Private Right of Action

+ Follow

State Privacy Laws

+ Follow

Consumer Protection

+ Follow

Privacy

+ Follow

Science, Computers & Technology

+ Follow

less

Bowditch & Dewey on:

Massachusetts Moving Closer to Comprehensive Data Privacy Protection

IMPACT ON CONSUMERS AND COMPANIES

Latest Posts

Written by:

Published In:

Bowditch & Dewey on:

"My best business intelligence, in one easy email…"