Skip Navigation
Businessman touching an icon of a shield with a lock in the middle.

Client Alert: Massachusetts Moving Closer to Comprehensive Data Privacy Protection

The Commonwealth of Massachusetts is moving closer to passing consumer data privacy protection legislation with bipartisan support. The Joint Committee on Advanced Information Technology, the Internet and Cybersecurity brought forth the bill named the Massachusetts Information Privacy and Security Act (“MIPSA” or the “Act”).

The Act sets out requirements for companies that utilize consumer personal information, including placing limitations on the usage of such information, providing notice provisions to customers, and placing restraints on the practice of using personal information for a specific purpose. The detailed legislation is intended to provide greater consumer protections for usage of personal identifying information, requirements for companies using personal data as part of a business and enforcement of the new regulations by the Massachusetts Attorney General.

The legislation still requires support from other committees, passage in the legislature and approval by the Governor. Nevertheless, it appears that Massachusetts is moving closer to the passage of this legislation that will create a wide-ranging law governing data privacy and cybersecurity for consumers and companies doing business in Massachusetts. Apparently, the drafters of the legislation intend to have the final version of the Act serve as precedent for comprehensive federal legislation.

Impact on Consumers and Companies

The Act provides Massachusetts residents with the right to opt-out of certain data collection, the sale of personal data and the right to limit the use and disclosure of personal information. Further, the Act provides for a private right of action for individuals to litigate against companies that have over $25 million in annual revenue or companies that process the personal information of 100,000 or more of Massachusetts residents, or businesses that operate as data brokers. The law would also require the registration of data brokers with the Massachusetts Attorney General’s office and provide information regarding the privacy protocols established by a data broker.

The Act provides for governmental enforcement by the Massachusetts Attorney General’s office, who will be empowered to enforce the Act through investigations and the ability to levy fines against companies for failure to abide by the Act.

Bowditch will continue to monitor further developments on the passage of this important legislation. Please contact your Bowditch attorney or the alert author Patrick Tracey with questions or requests for additional information on Data Privacy and Cybersecurity matters.

View All People ›

    To get in touch, please call us at 508-791-3511 or fill out the form below. Fields in orange are required.

    Stay Current

    Subscribe to Bowditch’s updates, alerts and programs.

    Subscribe to All


    You can also follow our Bowditch Blogs. Please subscribe for new post notifications directly on the blogs. They are easily accessible in the main navigation under the Insights+News dropdown.

    An email confirmation will be sent upon submitting this form.