1 of 1
HOUSE DOCKET, NO. 4038 FILED ON: 1/17/2025
HOUSE . . . . . . . . . . . . . . . No. 2687
The Commonwealth of Massachusetts
_________________
PRESENTED BY:
David M. Rogers
_________________
To the Honorable Senate and House of Representatives of the Commonwealth of Massachusetts in General
Court assembled:
The undersigned legislators and/or citizens respectfully petition for the adoption of the accompanying bill:
An Act relative to protecting Massachusetts residents against federal government surveillance.
_______________
PETITION OF:
NAME:DISTRICT/ADDRESS :DATE ADDED:David M. Rogers24th Middlesex1/17/2025Patrick Joseph Kearney4th Plymouth1/17/2025 1 of 7
HOUSE DOCKET, NO. 4038 FILED ON: 1/17/2025
HOUSE . . . . . . . . . . . . . . . No. 2687
By Representative Rogers of Cambridge, a petition (accompanied by bill, House, No. 2687) of
David M. Rogers and Patrick Joseph Kearney relative to personal data access by criminal justice
agencies. Public Safety and Homeland Security.
The Commonwealth of Massachusetts
_______________
In the One Hundred and Ninety-Fourth General Court
(2025-2026)
_______________
An Act relative to protecting Massachusetts residents against federal government surveillance.
Be it enacted by the Senate and House of Representatives in General Court assembled, and by the authority
of the same, as follows:
1 SECTION 1. Section 1 of chapter 66A of the General Laws, as appearing in the 2020
2Official Edition, is hereby amended by inserting after the definition of “Automated personal data
3system,” the following definition:-
4 “Commonwealth fusion center”, an entity established in executive order no. 476 within
5the criminal information section of the department of state police, established in section 38 of
6chapter 22C, and under the direction of the executive office of public safety and security, or any
7successor entity.
8 SECTION 2. Said section 1 of said chapter 66A, as so appearing, is hereby further
9amended by inserting after the definition of “Criminal intelligence agency,” the following 2
10definitions:-
11 “Criminal intelligence information”, data collected on an individual or organization that
12is reasonably suspected of involvement in criminal activity for the purpose of their identification 2 of 7
13or for acquiring evidence of their criminal activity. Reasonable suspicion is established when
14information exists that establishes sufficient facts to give a trained law enforcement or criminal
15justice agency officer, investigator or employee a basis to believe that there is a reasonable
16possibility that an individual or organization is involved in a definable criminal activity or
17enterprise.
18 “Criminal intelligence system”, the arrangements, equipment, facilities and procedures
19used for the receipt, storage, interagency exchange or dissemination, and analysis of criminal
20intelligence information, including the commonwealth fusion center, the Boston Regional
21Intelligence Center, any successor entities and any other entities in the commonwealth bound by
22the provisions of 28 CFR Part 23.
23 SECTION 3. Said section 1 of said chapter 66A, as so appearing, is hereby further
24amended by striking out the definition of “Personal data,” and inserting in place thereof the
25following definition:-
26 “Personal data”, any information concerning an individual that, because of a name,
27identifying number, mark or description, can be readily associated with a particular individual;
28provided however, that personal data shall not include information that would reasonably be
29expected to: (i) interfere with an ongoing criminal investigation or other law enforcement
30proceeding; (ii) constitute a clearly unwarranted invasion of personal privacy; (iii) disclose the
31identity of a confidential source; or (iv) endanger the life or physical safety of any individual.
32 SECTION 4. Said section 1 of said chapter 66A, as so appearing, is hereby further
33amended by adding the following definition:- 3 of 7
34 “Protected information”, information about the political, religious or social views,
35associations or activities of any individual, group, association, organization, corporation,
36business or partnership or other entity.
37 SECTION 5. Said chapter 66A is hereby further amended by inserting after section 2 the
38following 6 sections:-
39 Section 2A. At least once annually, every criminal intelligence system shall conduct an
40internal audit and publish a report based on the results. This audit shall include:
41 (i) for each database that contains personal data: (1) the number of authorized users; (2)
42each user’s level of access; (3) the quantity of data accessed by each user on a weekly basis; (4)
43the number of transactions performed of each specified transaction type for each unique user and
44access location; (5) the quantity of data collected and maintained from each unique source; and
45(6) the frequency of use in an investigation of data from each source;
46 (ii) the numbers of investigations authorized and denied under paragraph (4) of
47subsection (b) of section 2C, and the dates of initiation and closure for each of these
48investigations;
49 (iii) the number of investigations authorized under said paragraph (4) of said subsection
50(b) that remain open, the date of initiation of the investigation for each open investigation, the
51length of time the investigation has remained open and a justification for continued collection or
52maintenance of protected information; 4 of 7
53 (iv) the number of investigations authorized under said paragraph (4) of said subsection
54(b) that have led to indictments or prosecutions, and the names and docket numbers of resulting
55court proceedings; and
56 (v) the number of authorized disseminations under paragraph (3) of said subsection (b),
57and to which entity each dissemination was made.
58 Section 2B. Every criminal intelligence system shall provide assistance and unrestricted
59access to the office of the inspector general, who shall submit to the clerks of the house of
60representatives and the senate, the house and senate committees on post audit and oversight, and
61the joint committee on public safety and homeland security a report every 2 years on the
62compliance of criminal intelligence systems with section 2C. The report shall include
63recommendations for corrective action and shall be a public record.
64 Section 2C. (a) No state or local law enforcement agency, as defined in section 1 of
65chapter 6E, prosecutorial office, criminal intelligence system, as defined in section 1, police or
66peace officer or agent thereof shall track, collect, maintain or disseminate protected information,
67unless such information directly relates to an investigation of criminal activities, and there are
68reasonable grounds to suspect the subject of the information is involved in criminal conduct.
69 (b) (1) No protected information obtained in violation of any applicable federal, state or
70local law, ordinance or regulation shall be knowingly accessed, received, maintained or
71disseminated.
72 (2) All protected information shall be evaluated for the reliability of its source and the
73accuracy of its content prior to being included in any investigation file, whether temporary,
74interim or permanent in nature. 5 of 7
75 (3) Protected information shall be disseminated only to law enforcement agencies,
76contingent upon review and prior written authorization by the head of the originating law
77enforcement agency or criminal intelligence system. The originating law enforcement agency
78shall maintain a record of any such written authorization, specifying the reasons the
79dissemination is necessary, for a minimum of 5 years. The originating entity shall record each
80instance of dissemination in a log containing: (i) the method of dissemination; (ii) the name of
81the subject; (iii) the name of the entity with whom the information was shared; and (iv) the date
82of dissemination.
83 (4) All investigations undertaken on the basis of any protected information shall first be
84authorized in writing by the head of the investigating law enforcement agency or criminal
85intelligence system. A record of any such written authorization, specifying the reasons for such
86investigation, shall be maintained in the corresponding investigation file for a minimum of 5
87years.
88 (5) A law enforcement agency or criminal intelligence system shall review all
89information included in its investigation files at least once every 5 years, and shall destroy any
90information that is not reliable, accurate, relevant and timely; provided, that any documents
91related to the authorization for and termination of investigations based in whole or in part on
92protected information collected under this section, and any authorization to disseminate such
93protected information, shall be retained. Information retained in an investigation file after a
94review shall be accompanied by the following documentation: the name of the reviewer, the date
95of review and an explanation of the decision to retain the information. 6 of 7
96 (6) Any violation of this section constitutes an injury and any person may institute
97proceedings for injunctive relief, declaratory relief or writ of mandamus in the superior court. An
98action instituted under this paragraph may be brought against any agency with possession,
99custody or control of personal data, and any person whose data is included in the violation may
100institute proceedings and shall be entitled to recover actual damages not exceeding $2,000 or
101$200 per day for each day of violation, whichever is greater. A court shall award costs and
102reasonable attorneys’ fees to the plaintiff who is the prevailing party in an action brought under
103this paragraph. Violations of this section by a government employee shall result in consequences
104that may include retraining, suspension or termination, in accordance with any memorandums of
105understanding with employee bargaining units.
106 Section 2D. The executive office of public safety and security shall engage an
107independent auditor to select and audit a random sample of the suspicious activity reports held
108by the Boston Regional Intelligence Center, the commonwealth fusion center and the New
109England State Police Information Network, relating to current or former residents of the
110commonwealth. If the auditor finds any of these suspicious activity reports to lack indicia of
111reasonable suspicion of a crime as outlined in 28 CFR part 23.20, the department of state police
112shall suspend cooperation with the entity that produced the report until such time as all records
113held by these agencies pertaining to Massachusetts residents have been reviewed for compliance
114with 28 CFR part 23.20, and such records purged from these agencies’ systems if noncompliant.
115 Section 2E. (a) The commonwealth fusion center shall publish the names of the members
116of its privacy oversight committee. The meetings of the privacy oversight committee shall take
117place at least quarterly, and shall be open to the public. 7 of 7
118 (b) For entities retaining criminal intelligence information, training manuals related to the
119handling of personal data shall be available to the public.
120 Section 2F. Personal data held in a criminal intelligence system shall not be exempt from
121disclosure to the individual concerned, or to their attorney or their heirs, by reason of being held
122in a criminal intelligence system; provided, that disclosure is otherwise proper.
123 Section 2G. After notice and opportunity for a hearing, the office of the inspector general
124may impose a monetary penalty on any person or group found to be in violation of any of the
125provisions of sections two A to two F, inclusive, or of any rules or regulations promulgated
126thereunder. The monetary penalty shall not exceed five hundred dollars for each act or violation.
127The amount of any such monetary penalty shall be paid to the inspector general for general use.
128 SECTION 6. After notice and opportunity for a hearing, the office of the inspector
129general may impose a monetary penalty on any person or group found to be in violation of any of
130the provisions of SECTION 5, inclusive, or of any rules or regulations promulgated thereunder.
131The monetary penalty shall not exceed five hundred dollars for each act or violation. The amount
132of any such monetary penalty shall be paid into the general fund.