Morrison Mahoney Of Counsel Steven Bolotin was quoted in a front page story by Mass. Lawyers Weekly about changes to Massachusetts’ data breach law, mandating credit monitoring services. As of April 10, 2019, organizations and companies that have personal information of Massachusetts residents will need to adjust their notification procedures by that date to come into compliance with the revised law.
“New data breach law raises stakes for businesses,” by Pat Murphy discusses the amendments to the state’s data breach law that went into effect last month that require an organization to provide additional services for individuals and greater disclosures to state regulators when a data breach occurs. Steven said it remains to be seen how that statutory language will be interpreted by the courts.
“It doesn’t allow a waiver of requirements under the law. However, it does appear that it will still allow some measure of negotiation as to how any disputes over compliance with the law will be resolved,” said Bolotin.
"'It doesn’t allow a waiver of requirements under the law. However, it does appear that it will still allow some measure of negotiation as to how any disputes over compliance with the law will be resolved,' said Bolotin. 'For example, it still may allow arbitration provisions to be enforced as long they are enforceable in court and they meet the basic fairness tests that have been recently applied to arbitration in consumer contracts.'
He suggested that the change in the law presents an opportunity for companies to take a hard look at their insurance policies covering cybersecurity risks.
'There can be extreme variance as to what is and what is not covered under so-called ‘cyber’ policies,' he said. 'People buy cyber policies thinking they’re set in the event they have damages to pay because of a data breach, only to find that they’re only really covered for their own internal costs getting themselves back up and running.'"
To read the full article (subscription may be required), please click here.