Massachusetts data breach notifications

Persons holding personal information about Massachusetts residents must notify the Office of Consumer Affairs and Business Regulation and the Attorney General following discovery of a breach.

How DisclosureLens indexes Massachusetts filings

Massachusetts is in the Tier-2 ingestion queue. Historical filings will backfill when ingestion goes live. The main DisclosureLens feed already covers SEC, HHS OCR, 17 US state AGs, and ransomware leak sites; subscribe via the main feed to be alerted when Massachusetts comes online.

Extraction provenance

Extracted records carry per-field source citations into the Massachusetts AG notice they came from, plus a per-record confidence score and a full extraction audit trail. Massachusetts filings inherit the same BreachDisclosure v1 schema as SEC 8-Ks, HHS OCR notices, and EU DPA registers — same fields, same provenance metadata, deduped against same-incident filings in other jurisdictions. Full pipeline details: Sources & Methodology.

Statute

M.G.L. c. 93H

Authoritative source

https://www.mass.gov/lists/data-breach-reports

Corrections

Email corrections@disclosurelens.com — 48-hour SLA from receipt.