The Massachusetts Office of Consumer Affairs and Business Regulation has issued its first annual report on data breaches. Since Massachusetts has one of the more strict state laws on data security and breach reporting, this report bears close attention for trends across the nation. Some of the highlights in this summary, which covers 2007-2011:
- Through September 30, 2011, the largest share of breaches was not in the financial sector, but in the retail and healthcare industries, along with government.
- Since the Data Security law, c. 93H, went into effect, the Office of Consumer Affairs and Business Regulation has tracked the data breach notifications it has received. As of Sept. 30, 2011, there had been 1,833 notifications of security breaches. The number of Massachusetts residents affected by the reported incidents since November 1, 2007 now totals 3,166,031.
- As of September 30, 2011, criminal or malicious breaches totaled 241 of 454 notifications received, 52.5 percent of total breaches reported.
- Encryption is lagging: If all portable devices were encrypted from 2007 to 2011, the number of residents whose personal information was compromised would be remarkably lower by 47 percent or 1,490,308 people. If all portable devices were encrypted from March 1, 2010 the number of compromised residents would have decreased by 29 percent or 909,992 people.