The proposed bill aims to enhance the protection of sensitive information in Massachusetts by amending Chapter 93H of the General Laws. Key changes include the introduction of new definitions for "biometric information," "genetic information," "health insurance information," "medical information," and "specific geolocation information." The definition of "breach of security" is also revised to clarify that it involves unauthorized acquisition or use of personal information, with specific exceptions for good faith actions by employees. Additionally, the definition of "personal information" is expanded to include various types of sensitive data, such as biometric and genetic information, and the bill mandates that rules and regulations be updated to reflect these changes.

Further amendments focus on the notification process following a security breach. The bill specifies that individuals affected by a breach must receive detailed information about the incident, including the type of compromised data and their rights regarding security measures. It also stipulates that if the breach involves log-in credentials, notification can be provided electronically, directing individuals to take protective actions. The bill emphasizes the importance of timely communication and requires that notices be sent without delay, even if the total number of affected residents is not yet known. Overall, the legislation seeks to strengthen data security and ensure that residents are adequately informed in the event of a breach.

Statutes affected:
Bill Text: 93H-1