Massachusetts Makes Data Breach Records Public Online
The state of Massachusetts has upped the ante on data breach transparency: The Office of Consumer Affairs and Business Regulation has decided to make reports of potential identity theft available to the public on its website.
Previously, those reports could only be accessed by a public records request.
State law requires that any organization that keeps personal information about a Massachusetts resident notify state officials, as well as affected customers, any time that information is compromised. This includes external hacking incidents, unintentional data leakage and insider mistakes, among other scenarios. It also includes incidents outside of the cyberworld—say, if a briefcase with papers is stolen or misplaced.
Hundreds of data breaches affecting thousands of Massachusetts residents were reported to the state in 2016, and information on all of them is now available in a handy spreadsheet format that details how many residents were affected, what kind of information was lost, whether the organization in question provided credit monitoring, and more.
Massachusetts has been out on front in cybersecurity, recently offering a $5 million grant that will be used to bolster cyber-research and the computing technology used by the University of Massachusetts.
“Cybersecurity has no boundaries. It is a global issue and a global fight in some respects,” Gov. Charlie Baker, speaking as the grant was announced at the UMass Center in Springfield, Mass., in 2016. He said, “The more information that becomes digitized, the more opportunity for mischief and chaos and disaster associated with cyberterrorism.”
It also recently announced plans to partner with Israel’s CyberSpark to work on development, research and training related to cybersecurity. During a stop on Baker’s Economic Development Mission to Israel, economic development leaders took part in the signing of a memorandum of understanding (MOU) between the Massachusetts Technology Collaborative and CyberSpark, a non-profit made up of academic, industry and government resources.
Photo © Lukas Staffanski
Source: Information Security Magazine