logo

Massachusetts and Rhode Island Law on Data Breach Notification

Acme Bath & Plumbing, a Boston-based company, experienced a security breach where over 2000 client records were accessed by an unknown third party using the President's credentials obtained through spearphishing. The company is seeking assistance in resolving the issue.

5 Pages781 Words298 Views
   

Added on  2022-11-19

About This Document

This document discusses the Massachusetts and Rhode Island law on data breach notification. It explains what Acme is required to do with respect to notifying its impacted resident consumers regarding the December-January security incident. The document also provides specific language recommendations for Acme to use in its notice to the Massachusetts and Rhode Island consumers.

Massachusetts and Rhode Island Law on Data Breach Notification

Acme Bath & Plumbing, a Boston-based company, experienced a security breach where over 2000 client records were accessed by an unknown third party using the President's credentials obtained through spearphishing. The company is seeking assistance in resolving the issue.

   Added on 2022-11-19

ShareRelated Documents
Running Head: MIS
MIS
Name
Institution
Massachusetts and Rhode Island Law on Data Breach Notification_1
MIS 2
1. What does Massachusetts law require Acme to do with respect to notifying its
impacted resident consumers regarding the December-January security incident?
According to the Massachusetts’ law, any breach of personal information that affects the
residents of the commonwealth and is managed or stored by any (legal) person must be reported,
by way of notice, to the residents of the commonwealth within a practical time and without
unreasonable delay. ("General Law - Part I, Title XV, Chapter 93H, Section 3", 2019).
Furthermore, the content of the notice must include the approximate date and time of the breach,
the information accessed and any steps taken in relation to the breach. ("General Law - Part I,
Title XV, Chapter 93H, Section 3", 2019).
2. Does Massachusetts law require Acme to make any other notifications (other than to
the impacted MA residents)?
The legislation continues to provide that should such a breach be detected, the company must
notify the attorney general and the director of consumer affair and business regulations.
("General Law - Part I, Title XV, Chapter 93H, Section 3", 2019) The content of the same must
include; the nature of the breach, the number of residents affect as of the time of notification and
the steps taken to remedy the breach and its affects thereof. ("General Law - Part I, Title XV,
Chapter 93H, Section 3", 2019) (Journal, 2019)
3. What does Rhode Island law require Acme to do with respect to notifying its
impacted resident consumers regarding the December-January security incident?
The Acme Company is compelled by law to notify any and all persons whose personal
information has been unlawfully accessed. According to the Identity Theft Protection Act of
Massachusetts and Rhode Island Law on Data Breach Notification_2

End of preview

Want to access all the pages? Upload your documents or become a member.