Data Risk Intelligence
Automated Data Mapping
Do Not Sell/Do Not Share
Cookie Banner Solutions
Consent & Preferences
Data Rights RequestsMassachusetts Establishes a Data Privacy and Security Division in Its Attorney General Office
Massachusetts joined a handful of other states in establishing a dedicated data privacy and security division within its Attorney General Office. The division will investigate and enforce the Massachusetts Consumer Protection Act and Data Breach Law. According to its newly appointed chief Sara Cable, the division is expected to “ramp up” enforcement efforts where necessary. In addition,, going forward, the division will also seek to address such technology issues as machine learning and artificial intelligence algorithms to ensure that they don’t discriminate against individuals based on legally-protected data such as race, national origin, and age.
Similar specialized units have been established in recent years in the Attorney General Offices in California, Florida, Connecticut, and New Jersey. According to a Wall Street Journal’s recent report, data privacy and security divisions have been increasing their staffing as new privacy laws are being passed and considered, and the volume of data security incidents increases.
For example, the California privacy protection unit created by then-Attorney General Kamala Harris is tasked with enforcing the California Consumer Privacy Act, among other responsibilities. A dedicated division within the New Jersey Attorney General’s Office was recently created to “aggressively focus on internet privacy and data security investigations on behalf of the Division of Consumer Affairs and the State of New Jersey and bring actions for damages and amended business/industry protocols.” The Privacy and Data Security Department in the Connecticut Attorney General’s Office has recently tapped into its expertise in reaching, along with other states, a $148 million settlement with Uber Technologies Inc., over a 2016 data breach.
The State Attorney General Offices play a vital part in enforcing certain federal privacy regulations, such as HIPAA, state data breach notification laws, and consumer protection regulations applicable to companies’ privacy and data security practices. In the absence of specialized state privacy agencies, the Attorney General Offices will also likely take on the duties of state privacy regulators. As the enforcement activities step up, it is imperative for all companies to take their privacy and data security obligations seriously and diligently.
Ask Clarip today how we can solve your biggest privacy compliance pain points, Call Clarip at 1-888-252-5653
