The Massachusetts Information Privacy and Security Act (“MIPSA”) would add Massachusetts to the growing number of states adopting their own privacy regulations. The proposed legislation is moving from committee to the full legislature and has bipartisan support.
MIPSA would give Massachusetts residents the right to opt out of having their personal information sold and having advertising targeted to them. At a high-level, the legislation would create a right to limit how companies can use and share location, biometric and racial data. Massachusetts residents would also get the right to access, delete, correct, or transport personal information that companies collect and maintain about them.
What About Businesses?
As currently drafted, there are minimum size requirements on businesses which apply only if an entity either has global revenue of at least $25 million per year, processes personal information of at least 100,000 Massachusetts residents, or is a data broker that collects and sells sensitive or personal information of at least 10,000 Massachusetts residents.
Individuals will be able to sue data brokers, companies with more than $25 million in annual revenue or those that process the information of 100,000 or more residents, for damages of up to $500 per person or actual damages, whichever is the greater number. There may be an opportunity to eliminate or reduce fines, but only for first time offenders.
In the opinion of Value Privacy, this new legislation trend is going to continue as more states consider the privacy and security rights of citizens. The proposal is based on other state laws and Europe’s GDPR, and each state continues to add components or modify what others have done before them. Companies should be preparing now for what is coming down the road. Stay informed and let Value Privacy help you prepare for the changes ahead.