The Commonwealth of Massachusetts this week made an important step toward improving data breach transparency, as the Office of Consumer Affairs and Business Regulation (OCABR) made its Data Breach Notification Archive publicly available online.
As its name suggests, the Data Breach Notification Archive was meant to keep records of accidental or intentional/malicous compromise of personal information. The archive was built as notifications came from entities that keep a Massachusetts resident’s personal information, because all are required by the Massachusetts Data Security Law to notify affected residents, OCABR, and the Attorney General’s Office of such incidents.
Previously, the information maintained by OCABR was available only through Public Records Requests, but that changed yesterday when the archive became publicly accessible.
The data breach reports are available on OCABR’s website in the form of PDF files that include information on when the breach was reported, the affected organization, the number of impacted residents, and information on the type of compromised personal information.
The reports include details on cyber-attacks, as well as information on incidents that occur in the physical word. Information on external hacks, unintentional data leaks, insider attacks, misplaced documents or devices, and other similar incidents is included in these reports.
Data included in the reports was gathered from various industries, including financial, manufacturing, retail, healthcare, hospitality, education, and more. Each entry is marked as an electronic (cyber) compromise or not.
A quick look at the 2016 Data Breach Report (PDF) shows that hundreds of such incidents have been reported last year, and that tens of thousands of Massachusetts residents were affected. Some 33,000 were impacted by the malware attack that hit Eddie Bauer stores, for example, while the Omni Hotels incident impacted only 1,000.
“The Data Breach Notification Archive is a public record that the public and media have every right to view. Making it easily accessible by putting it online is not only in keeping with the guidelines suggested in the new Public Records law, but also with Governor Baker’s commitment to greater transparency throughout the Executive Office,” Consumer Affairs Undersecretary John Chapman said.