Ellen M. Giblin writes:
With the first anniversary of the Massachusetts Data Security Regulations, 201 CMR 17 (pdf)(“Regulations”), coming in March, the International Association of Privacy Professionals (IAPP) recently hosted a panel discussion providing direct access to the Massachusetts Attorney General’s Office and the Office of Consumer Affairs and Business Regulation to discuss their investigations to date and their current approach to enforcement.
[…]
Scott Shafer opened with an overview of the enforcement actions to date and the daily reviews his office conducts. Shafer noted at the outset, the Attorney General’s (AG) current enforcement approach is not audit based due to insufficient resources. However, the AG is receiving a daily average of three to four data breach notifications pursuant to Massachusetts General Laws Ch. 93H (the “Notice Law”), and each breach report is closely reviewed.
Read more on Workplace Privacy Counsel.