House Bill 60 for an Act Establishing the Massachusetts Information Privacy and Security Act, formerly referred to as Bill House Docket ('HD') 3263, was introduced, on 20 January 2023, to the House of Representatives. In particular, the bill would apply to, among others, a controller or processor that conducts business in the Commonwealth of Massachusetts, or where the processing activities of a controller or processor not physically located therein relate to the offering of goods or services that are targeted to individuals or monitors the behaviour of individuals where such behaviour takes place within the Commonwealth of Massachusetts.

More specifically, the bill sets out general principles for processing personal information, lawful bases for processing personal information, and protections for the processing of sensitive information. Accordingly, the bill provides various rights to individuals regarding the processing of their personal information, including the right to a privacy notice at or before the point of collection of an individual's personal information, the right to opt-out of the processing of an individual's personal information for the purposes of sale and targeted advertising, rights to access, transport, delete, and correct personal information, and the right to revoke consent.

In addition, the bill would require controllers in scope to establish, implement, and maintain reasonable policies, practices, and procedures to identify, assess, and mitigate reasonably foreseeable privacy risks and cognisable harms related to their products and services, and carry out and document a risk assessment prior to such processing. With regards to the Attorney General ('AG'), the bill provides the AG with powers to enforce the proposed act, including to issue a civil investigative demand whenever the AG has reasonable cause to believe that an entity has engaged in, is engaging in, or is about to engage in a violation of the act.

Finally, the bill is a companion bill to Senate Bill 227 which was also introduced, on 20 January 2023.

You can download the bill here and track its progress here.