This month, the Governor of Massachusetts signed into law a number of amendments to current state data breach notification legislation. The law, titled “An Act relative to consumer protection from security breaches,” will impose new data breach notification requirements upon companies and mandates that Massachusetts residents receive credit monitoring services at no cost following a breach involving an individual’s Social Security number. The law also and prohibits a company from conditioning free credit monitoring services on a data breach victim’s acceptance of a mandatory arbitration clause. More specifically, the law states:
(b) A person that experienced a breach of security shall not require a resident to waive the resident’s right to a private right of action as a condition of the offer of credit monitoring services.
The Act was passed after a number of large data breaches occurred at companies such as Equifax and Marriott. In both instances, the companies initially offered data breach victims complimentary fraud monitoring services that included a mandatory arbitration provision. Following public outcry, each company indicated the arbitration clause would not apply to a victim’s right to pursue any legal claims related to the data breach in court. You may read more about the Marriott data breach in a previous Disputing blog post.
The new data breach provisions will take effect on April 11th.
Photo by: Joey Csunyo on Unsplash
Related Posts
Marriott Won’t Require Data Breach Victims to Individually Arbitrate Claims
Illinois Appellate Court Holds BIPA Privacy Claims Are Not Arbitrable Under Terms of Parties’ Employment Contract
Another Proposed Class Action Data Breach Lawsuit Ordered to Individual Arbitration
Corpus Christi COA Holds Arbitrator Must Decide Whether Arbitral Clause Was Illusory
Dallas COA Orders Arbitration Based on Electronic Signature and Click Through User Agreement
Fort Worth COA Holds Arbitral Agreement Was Incorporated by Reference in Performance Bond Dispute
