Penalties and Enforcement

The Massachusetts Senate began deliberating a new privacy law this year. The Massachusetts Information Privacy Act (MIPA) could be one of the strongest data privacy laws in the United States, if passed. Representatives Andy Vargas and Dave Rogers and Senate Majority Leader Cynthia Creem introduced the bill, which currently sits before the Joint Committee on Advanced Information Technology, the Internet and Cybersecurity.

The bill builds on the enforcement provisions standardized by laws in California, Colorado, and Virginia: The standard rights to know, correct and delete data are present, but the bill would take a wider scope and harsher penalties than that of its predecessors, creating a state Information Privacy Commission, and establishing a private right of action for Massachusetts’ citizens.

The bill also seeks to impose a duty of “confidentiality, care, and loyalty” on data processors, according to the Boston Globe, which notes that the bill “provides for civil penalties on a par with the European Union’s General Data Privacy Regulation, which could hold the largest companies like Facebook accountable for billions for the most serious violations.”

The ACLU of Massachusetts has testified to the senate in support of the bill. Its Technology for Liberty program director, Kate Crockford says that, “without a modern data privacy law, corporations have free rein to track our locations and activities, secretly manipulate our opportunities and choices, and take advantage of our personal information for their own profit.”