
Data Breach Portal Launch in Massachusetts


Mitch Wein

Per the 2007 Massachusetts Data Breach Notification Law, any company storing MA residents’ personal data must notify the Massachusetts Attorney General by mail if this data is compromised or breached in any way. Massachusetts has now extended this by adding a data breach reporting portal. The MA law is much less extensive than the NY State Cybersecurity law.

The new MA portal highlights the need for insurance carriers to keep up with regulatory changes not just from state insurance regulators, but also from general state data and financial service regulations that apply to any type of firm. The reporting requirements differ from state to state, as do the penalties for not complying. NY recently extended its regulations to credit reporting agencies because of the Equifax breach. MA brought an enforcement action against Equifax in late 2017 under its data breach notification law.

We are seeing an increased focus on data: How data is categorized, stored, governed, secured, and reported drives a firm’s ability to avoid data breaches. Insurers need a CISO who owns the security practice and programs. Additionally, carriers will need someone who owns data at an enterprise level (possibly a Chief Data Officer) to ensure effective data governance. The CDO and CISO should be working together to avoid data breaches, detect when breaches do happen, remediate the situation effectively, and report breaches in a timely way that complies with each state’s regulations. In MA, the new portal will help with timely reporting of breaches.

As we have mentioned in the past, security risk, including the risk of data breaches, puts the firm’s reputation and the careers of C-level executives at risk, all the way up to the CEO. Insurance carriers can no longer avoid dealing with security and data challenges.


About Mitchell Wein

Mitch Wein is a Vice President of Research and Consulting at Novarica. Prior to Novarica, he served in a series of senior technology management positions at major insurance and banking firms, including AXA from 2004-2014, where he was the Interim CIO of AXA Ireland in Dublin, the Chief Architect and Head Of CTO for AXA UK in London, and the CTO of AXA Equitable in the US. Prior to AXA, Mitch served as CTO for the Domestic Brokerage Group and Domestic Personal Lines at AIG. Mitch holds a BS in Finance and an MBA in Information Systems, both from Fordham University. He can be reached directly at