Data Privacy and Cybersecurity
relative to Consumer Data Privacy
Based on California’s new law (CCPA), MA residents would be entitled to certain rights over use of their personal information by a business that either: (1) has annual gross revenues in excess of $10 million, or (2) derives 50 % or more of its annual revenues from third party disclosure of consumers’ personal information. Consumers would have rights to access, delete or transfer their data to another service. Businesses would be required to provide notice to consumers up front about their practices and allow consumers to opt-out of the sale or sharing of their data with third parties.
Establishing a Moratorium on Face Recognition and Other Remote Biometric Surveillance Systems
This would establish a moratorium on unregulated government use of face recognition and other biometric monitoring technologies until the legislature determines regulations to address technical and civil liberties issues.
relative to the Cybersecurity of the Internet Connected Devices and Autonomous Vehicles
This requires the Department of Consumer Affairs and Business to promulgate regulations requiring minimum cybersecurity standards for all consumer internet-connected devices to protect consumer personal information. These regulations would also cover autonomous vehicles.
relative to access to a Decedent's Electronic Accounts
relative to social media privacy
This would prohibit employers and educational institutions from demanding access to private social media accounts as a condition of employment or learning opportunities.
relative to Cybersecurity Insurance Preference in State Contracts
This will give preference in awarding state contracts to those information technology vendors who demonstrate they have obtained cybersecurity insurance.
Promoting Net Neutrality and Consumer Protection
This bill relies on transparency and competition to incentivize Internet Service Providers (ISP) to adopt best practices for net neutrality and consumer privacy. Under FCC rules, ISPs are required to make certain technical disclosures. This bill will create an ISP Registry at the Department of Telecommunications and Cable (DTC), which will use the FCC filings to create a grading system. Scores will be public, and if an ISP adheres to best practices as determined by DTC, they may display the “Massachusetts Net Neutrality and Consumer Privacy Seal.” State agencies would be required to consider ISP net neutrality and privacy practices before entering into an internet service contract. And, the bill clarifies that municipal light plants are allowed to build and manage their own ‘last mile’ internet networks.
relative to Blockchain and Cryptocurrencies
This will create a special commission to study and make recommendations on the use of blockchain technology and acceptance of cryptocurrency transactions by state and local governments. The commission will review current policies on electronic storage of government records and registries, the legal validity and admissibility of data stored in blockchain; the potential for state and local agencies, and businesses and individuals, to make and accept cryptocurrency payments; how to apply sales tax to cryptocurrency transactions; and how to address the intense energy consumption associated with cryptocurrencies.
relative to the Use of Administrative Subpoenas to Obtain Telephone and Internet Records Without Judicial Review
This bill requires District Attorneys and the Attorney General to annually report on their office’s use of administrative subpoenas