The bill aims to enhance the security of personal information by amending Chapter 93H of the General Laws. Key changes include the removal of the existing definition of "Agency" and the introduction of new definitions such as "Access device," "Biometric indicator," "Information security program," and "Neural data." The definition of "Personal information" has been expanded to include various data elements, such as biometric indicators and neural data, while also clarifying that it does not encompass information obtained from publicly available sources. Additionally, the bill revises the definition of "Substitute notice" to outline specific methods of notification in the event of a data breach.

Furthermore, the bill mandates the Department of Consumer Affairs and Business Regulation to adopt regulations that safeguard personal information, ensuring compliance with federal standards. It also stipulates that notice to affected residents must include essential information regarding their rights and the breach, while allowing for exceptions in cases of inadvertent disclosures that are deemed unlikely to result in harm. The bill emphasizes the importance of maintaining written documentation of such determinations and requires that any additional notice be provided promptly if new information arises.

Statutes affected:
Bill Text: 93H-1