Saving the World (and Digital Privacy) One State at a Time

Massachusetts proposes new data security bill to protect residents



Mark DiMattei



Private Eye by Brian K. Vaughan is a comic book about society coming to an end because the digital cloud bursts and all our private information becomes public. It’s a world where the Internet doesn’t exist, people are extremely careful about their identity, and everyone is masked for their safety.


While we all wear masks in the real world (if for a different reason), the other parts of Vaughan’s story aren’t too far from the truth. We’ve all had moments where we Google something (or even just mention it in passing near our phone) only to have a targeted ad appear on our Facebook page. We’ve received spam calls or odd group texts for numbers that we don’t know because someone sold our phone number from one site to another. We’re just one evil company abusing our data away from our own digital dystopia.


To help combat this bleak future, many states (and countries) have started to draft data protection bills as a means of protecting the public. Massachusetts is the fourth US state—after California, Colorado, and Virginia—to propose such a law. Called the Massachusetts Information Privacy and Security Act (MIPSA), it is a digital privacy bill that would protect residents by:

  • Granting MA residents the right to opt-out from having their personal information sold or participating in targeted advertising
  • Gaining the right to limit how companies use and disclose sensitive information, such as location data, biometrics, and race/demographics
  • Requiring an opt-in consent structure for sales of sensitive information
  • Offering greater protection for children under the age of 16 years (where an opt-in consent is required for companies to use their information)
  • Giving the user the right to access, delete, and correct personal information that a company maintains about them

Failure to do so would result in substantial fines.


Ultimately, companies would need to provide clear, easy-to-understand privacy notices that explicitly detail how personal information is being collected, used, sold, and how MA residents can opt-out if they want. Additionally, they would be required to conduct regular risk assessments for high-risk practices, such as the sale of personal information, and data brokers would need to register with the Attorney General’s office so they can provide their privacy practices.


While the bill is still being discussed (as of writing, it has been referred to the state’s committee on Advanced Information Technology, the Internet, and Cybersecurity), there is no reason to think that it won’t pass when presented to voters. Everyone across the US (if not the world) is concerned with digital privacy and how their data is being used. Hell, it was only a short time ago that we wrote a blog about the National Cybersecurity Alliance’s Data Privacy Day becoming Data Privacy Week. Regardless of if it passes or not, consumers should be approaching every call for their personal information with caution. But it doesn’t hurt to have some legislation in place so that we don’t destroy everything we’ve built…


Log in to the InfoCenter to view research on cybersecurity or follow these links to explore our blogs and podcasts on the matter. If you’re not a subscriber, just send us an email at for more info.