Section 274.12 - Reporting Requirements(1) The Division shall issue orders, guidelines and forms relative to the content of information that a TNC shall report to the Division.(2) Annually, a TNC shall report to the Division the following:(a) By February 1st of each calendar year, a TNC shall submit a report for the number of Rides from the previous calendar year, including: 1. City or town where each Ride originated;2. City or town where each Ride ended;3. Aggregated and anonymized trip route and length (miles and minutes); and4. Location of Vehicle accidents;(b) By March 31st of each calendar year, a TNC shall report its intrastate operating revenues for the previous calendar year. If a TNC fails to report its intrastate operating revenues to the Division by March 31st of any calendar year, the Division may estimate a TNC's intrastate operating revenues. A TNC's intrastate operating revenue shall include but not be limited to any Rider picked up at the following: 4. Any other kind of port.(3) A TNC shall report monthly to the Division a detailed accounting of all Driver and Rider complaints, received through any means, and the actions that the TNC has taken, if any, to resolve said complaints.(4) A TNC shall report the following to the Division immediately:(a) A Driver suspension pursuant to M.G.L. c. 159A1/2, § 4(e); and(b) Receipt of a Driver violation of any aspect of M.G.L. c. 159A1/2 or 220 CMR 274.00.(5) In the event of a breach of security or unauthorized disclosure involving a Driver or Rider's personal information, as defined in 220 CMR 274.10(1), a TNC shall notify the Division as soon as practicable and without unreasonable delay, and notify the Division upon compliance with M.G.L. c. 93H, § 3. A breach of security shall be the unauthorized acquisition or unauthorized use of unencrypted data or encrypted electronic data and the confidential process or key that is capable of compromising the security, confidentiality or integrity of personal information, maintained by a TNC, or on the TNC's behalf, that creates a substantial risk of identity theft or fraud. A good faith but unauthorized acquisition of personal information by or on behalf of a TNC, or employee or agent thereof, for the lawful purposes of such TNC, is not a breach of security unless the personal information is used in an unauthorized manner or subject to further unauthorized disclosure. A breach shall not include the authorized use of personal information for which the TNC obtained consent under 220 CMR 274.10(2). A TNC may delay disclosure as necessary pursuant to M.G.L. c. 93H, § 4.Adopted by Mass Register Issue 1348, eff. 9/22/2017.Amended by Mass Register Issue 1350, eff. 9/22/2017.