Data Privacy and Cybersecurity

consumer data privacy.jpg

An Act

relative to Consumer Data Privacy

SD 341

Based on California’s new law (CCPA), MA residents would be entitled to certain rights over use of their personal information by a business that either: (1) has annual gross revenues in excess of $10 million, or (2) derives 50 % or more of its annual revenues from third party disclosure of consumers’ personal information. Consumers would have rights to access, delete or transfer their data to another service. Businesses would be required to provide notice to consumers up front about their practices and allow consumers to opt-out of the sale or sharing of their data with third parties.


An Act

Establishing a Moratorium on Face Recognition and Other Remote Biometric Surveillance Systems

SD 671

This would establish a moratorium on unregulated government use of face recognition and other biometric monitoring technologies until the legislature determines regulations to address technical and civil liberties issues.


An Act

relative to the Cybersecurity of the Internet Connected Devices and Autonomous Vehicles

SD 612

This requires the Department of Consumer Affairs and Business to promulgate regulations requiring minimum cybersecurity standards for all consumer internet-connected devices to protect consumer personal information. These regulations would also cover autonomous vehicles.

email access.jpg

An Act

relative to access to a Decedent's Electronic Accounts

SD 524

This permits reasonable access by a personal representative to the contents of a decedent’s email solely for legally prescribed fiduciary purposes. This will overrule any service provider’s contractual limitations, terms and conditions or privacy policy, unless the decedent accepted specific opt-out language separate from the standard use agreement.  This would not supersede any language in the decedent’s will to the contrary. 

social media.jpg

An Act

relative to social media privacy

SD 604

This would prohibit employers and educational institutions from demanding access to private social media accounts as a condition of employment or learning opportunities.

state contracts.jpg

An Act

relative to Cybersecurity Insurance Preference in State Contracts

SD 610

This will give preference in awarding state contracts to those information technology vendors who demonstrate they have obtained cybersecurity insurance.

net neutrality.jpg

An Act

Promoting Net Neutrality and Consumer Protection

SD 603

This bill relies on transparency and competition to incentivize Internet Service Providers (ISP) to adopt best practices for net neutrality and consumer privacy. Under FCC rules, ISPs are required to make certain technical disclosures. This bill will create an ISP Registry at the Department of Telecommunications and Cable (DTC), which will use the FCC filings to create a grading system. Scores will be public, and if an ISP adheres to best practices as determined by DTC, they may display the “Massachusetts Net Neutrality and Consumer Privacy Seal.” State agencies would be required to consider ISP net neutrality and privacy practices before entering into an internet service contract. And, the bill clarifies that municipal light plants are allowed to build and manage their own ‘last mile’ internet networks.


An Act

relative to Blockchain and Cryptocurrencies


This will create a special commission to study and make recommendations on the use of blockchain technology and acceptance of cryptocurrency transactions by state and local governments. The commission will review current policies on electronic storage of government records and registries, the legal validity and admissibility of data stored in blockchain; the potential for state and local agencies, and businesses and individuals, to make and accept cryptocurrency payments; how to apply sales tax to cryptocurrency transactions; and how to address the intense energy consumption associated with cryptocurrencies.


An Act

relative to the Use of Administrative Subpoenas to Obtain Telephone and Internet Records Without Judicial Review

SD 670

This bill requires District Attorneys and the Attorney General to annually report on their office’s use of administrative subpoenas