SD 341

Based on California’s new law (CCPA), MA residents would be entitled to certain rights over use of their personal information by a business that either: (1) has annual gross revenues in excess of $10 million, or (2) derives 50 % or more of its annual revenues from third party disclosure of consumers’ personal information. Consumers would have rights to access, delete or transfer their data to another service. Businesses would be required to provide notice to consumers up front about their practices and allow consumers to opt-out of the sale or sharing of their data with third parties.

SD 671

This would establish a moratorium on unregulated government use of face recognition and other biometric monitoring technologies until the legislature determines regulations to address technical and civil liberties issues.

SD 612

This requires the Department of Consumer Affairs and Business to promulgate regulations requiring minimum cybersecurity standards for all consumer internet-connected devices to protect consumer personal information. These regulations would also cover autonomous vehicles.

SD 524

This permits reasonable access by a personal representative to the contents of a decedent’s email solely for legally prescribed fiduciary purposes. This will overrule any service provider’s contractual limitations, terms and conditions or privacy policy, unless the decedent accepted specific opt-out language separate from the standard use agreement.  This would not supersede any language in the decedent’s will to the contrary. 

SD 604

This would prohibit employers and educational institutions from demanding access to private social media accounts as a condition of employment or learning opportunities.

SD 610

This will give preference in awarding state contracts to those information technology vendors who demonstrate they have obtained cybersecurity insurance.

SD 603

This bill relies on transparency and competition to incentivize Internet Service Providers (ISP) to adopt best practices for net neutrality and consumer privacy. Under FCC rules, ISPs are required to make certain technical disclosures. This bill will create an ISP Registry at the Department of Telecommunications and Cable (DTC), which will use the FCC filings to create a grading system. Scores will be public, and if an ISP adheres to best practices as determined by DTC, they may display the “Massachusetts Net Neutrality and Consumer Privacy Seal.” State agencies would be required to consider ISP net neutrality and privacy practices before entering into an internet service contract. And, the bill clarifies that municipal light plants are allowed to build and manage their own ‘last mile’ internet networks.

SD611

This will create a special commission to study and make recommendations on the use of blockchain technology and acceptance of cryptocurrency transactions by state and local governments. The commission will review current policies on electronic storage of government records and registries, the legal validity and admissibility of data stored in blockchain; the potential for state and local agencies, and businesses and individuals, to make and accept cryptocurrency payments; how to apply sales tax to cryptocurrency transactions; and how to address the intense energy consumption associated with cryptocurrencies.

SD 670

This bill requires District Attorneys and the Attorney General to annually report on their office’s use of administrative subpoenas