The Commonwealth of Massachusetts’ Office of Consumer Affairs and Business Regulations has issued a report regarding data breach notifications made under the state’s recently enacted law, Massachusetts General Laws Chapter 93H. You can read the report below:

The report looks back on the 10 months during which the law has been in effect. Under the law, entities who have suffered a data security breach must notify the Attorney General’s Office of Consumer Affairs and Business Regulation. That office has received 318 such notices, of which only 3% involved data that was encrypted when breached. More than 60% of the notices concerned breaches occasioned by intentional acts such as theft.

The lessons to be learned are clear: hackers and other dedicated individuals willing to search for and steal data are becoming more prevalent, yet the use of encryption to protect data is apparently not. To the extent this report is a fair snapshot of data breach trends generally, it appears that plenty of work remains to be done by business.