Skip to main content

Massachusetts Information Security and Privacy Act Sent to “Study”

It does not look as though Massachusetts will be state number 6 to enact a comprehensive data privacy law – or at least not the one that people have been talking about.  The Massachusetts Joint Committee on Health Care Financing has voted to send House Bill 4514, An Act Establishing the Massachusetts Information Security and Privacy Act to “study.”  This action by the influential legislative committee signals that this particular bill is not likely to advance during the current legislative session which concludes at the end of the calendar year.

HB 4514 would have updated and expanded many data privacy and security laws in Massachusetts and would have impacted consumers and businesses alike.  For example, the bill would have mandated that companies provide notices on how customers’ personal information is used and would have limited how such information could be used.  The bill would have provided consumers with a right to opt-out of targeted advertising and would have established a private right of action for security breaches.

By taking this action, the Health Care Financing Committee is keeping HB 4514 under its purview but, contrary to the designation of a “study”, will not further review the merits of the bill.  The bill is essentially shelved by the committee.  However, there are a variety of procedural and tactical ways in which the provisions of this bill could be revived in the coming months; for instance, any legislator could file the bill or any of its provisions as an amendment to any other relevant bill that may be advancing in the legislature.  In addition, there is a nearly identical bill under review in the Massachusetts Senate, S. 2687.  Thus, there is still an outside chance that the legislature could debate and pass legislation related to data privacy and security before the end of the year.

Stay tuned and Mintz/ML Strategies will continue to monitor the developments of this important issue.

Subscribe To Viewpoints


Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.

Daniel J. Connelly

ML Strategies - Senior Vice President and Compliance Officer

Dan represents trade associations and businesses across industries with interests before the executive, legislative, regulatory, and municipal areas of government throughout New England.