ANA Opposes Onerous Data Breach Bill in Massachusetts

December 4, 2018

On Tuesday December 3rd ANA filed a letter outlining its strong opposition to HB 4873, a significant data breach bill that is moving quickly through the Massachusetts Legislature. HB 4873 was originally vetoed by the Massachusetts Governor. However, it was later reintroduced and passed by the Massachusetts House of Representatives, a highly unusual move, without a “harm trigger” and with a requirement for “rolling notifications” when data breaches occur. This bill would have severe and negative consequences for advertisers and marketers.

The removal of the “harm trigger” means that companies would be forced to notify consumers of data breaches even if there is no significant risk of identity theft or fraud. This would eventually lead to the “over warning” of consumers causing them to ignore data breach notifications that could result in a serious risk. This “over warning” issue is further exacerbated by the requirement for “rolling notifications”. These notifications would require companies to inform consumers shortly after a breach and continue to alert consumers in the future. This leads to numerous notifications for the same breach and creates unavoidable risks for companies attempting to investigate breaches and avoid future instances in the future. Additionally, these “rolling notifications” when combined with the lack of a “harm trigger” can produce higher litigation costs that severely impact companies. This is a clear example where the response to data security concerns substantially increases problems rather than solves them.

If you have any questions about this bill or the increasing number of other state privacy and data security bills, please contact Dan Jaffe (, Chris Oswald (, or Keith Scarborough ( in ANA’s Washington, DC office at (202) 296-1883.

You must be logged in to submit a comment.