Revisions to the Massachusetts’ data breach law, Chapter 93H, took effect on April 11, 2019.
The amendment details two additional mandates which require that breached entities (1) provide additional information as part of the core notification requirement, including the type of personal information compromised and whether the entity maintains a written information security program (WISP), and (2) offer free credit monitoring services to individuals whose Social Security numbers were compromised.