On November 21, 2014, Massachusetts Attorney General Martha Coakley announced that Boston hospital Beth Israel Deaconess Medical Center has agreed to a settlement related to a data breach that affected the personal and protected health information of nearly 4,000 patients and employees.
Continue Reading

On March 11, 2013, in Tyler v. Michaels Stores, Inc., the Massachusetts Supreme Judicial Court effectively reinstated the suit against the retailer by answering favorably for the plaintiff three certified questions from the United States District Court for the District of Massachusetts regarding Massachusetts General Laws Chapter 93, Section 105(a) entitled “Consumer Privacy in Commercial Transactions” (“Section 105(a)”). The court ruled that (1) a ZIP code constitutes personal identification information under the Massachusetts law; (2) a plaintiff may bring an action for a violation of the Massachusetts law absent identity fraud; and (3) the term “credit card transaction form” refers equally to electronic and paper transaction forms. The Massachusetts court’s determination that a ZIP code constitutes personal identification information is similar to the determination in Pineda v. Williams-Sonoma Stores, Inc., in which the California Supreme Court held that ZIP codes are “personal identification information” under California’s Song-Beverly Credit Card Act. More than 15 states, including Massachusetts and California, have statutes limiting the type of information that retailers can collect from customers.
Continue Reading

On January 6, 2012, a federal court in Massachusetts dismissed a customer-plaintiff’s complaint alleging that Michaels’ in-store information collection practices violated Massachusetts law. Although the court found that customer ZIP codes may constitute personal information for purposes of the law, it ruled that the plaintiff had failed to demonstrate any cognizable injury.
Continue Reading