On March 21, 2012, Massachusetts Attorney General Martha Coakley announced that Maloney Properties Inc. executed an Assurance of Discontinuance and agreed to pay $15,000 in civil penalties following an October 2011 theft of a company-issued unencrypted laptop.
Continue Reading Massachusetts Attorney General Announces $15,000 Settlement with Property Management Firm

On January 6, 2012, a federal court in Massachusetts dismissed a customer-plaintiff’s complaint alleging that Michaels’ in-store information collection practices violated Massachusetts law. Although the court found that customer ZIP codes may constitute personal information for purposes of the law, it ruled that the plaintiff had failed to demonstrate any cognizable injury.
Continue Reading Massachusetts Court Dismisses ZIP Code Suit for Failure to Allege a Cognizable Injury

On July 29, 2011, Massachusetts Attorney General Martha Coakley announced a settlement with Belmont Savings Bank. The settlement stems from a May 2011 data breach that affected the personal information of more than 13,000 Massachusetts residents.

Continue Reading Massachusetts Attorney General Announces $7,500 Data Breach Settlement with Belmont Savings Bank

On March 28, 2011, Massachusetts Attorney General Martha Coakley announced a settlement with the Briar Group in connection with a 2009 data breach that jeopardized the payment card information of “tens of thousands” of consumers.

Continue Reading Massachusetts Attorney General Reaches $110,000 Data Breach Settlement with Boston Restaurant Group

After several delays and revisions, the Massachusetts information security regulations, entitled “Standards for the Protection of Personal Information of Residents of the Commonwealth,” will take effect on March 1, 2010. The regulations apply to entities that own or license personal information about Massachusetts residents. “Personal information” is defined as a combination of a resident’s first and last name and Social Security number, driver’s license or state ID number, or financial account number or payment card number that permits access to the individual’s financial account.
Continue Reading Massachusetts Information Security Regulations Take Effect on March 1, 2010

On October 30, as reported by the Bureau of National Affairs (“BNA”), the Massachusetts Office of Consumer Affairs and Business Regulation stated that final amendments to its information security regulations had been filed with the Massachusetts Secretary of State.  The Standards for the Protection of Personal Information of Residents of the Commonwealth have been the subject of much commentary and a series of amendments as regulators seek to address concerns expressed by businesses over the stringent and specific nature of the regulations.  The most recent round of amendments was announced August 17, 2009.
Continue Reading Massachusetts Regulator Revises Information Security Requirements (Again)

On August 17, 2009, Massachusetts announced revisions to its information security regulations and extended the deadline for compliance with those regulations. In the press release announcing the revised regulations, the Undersecretary of the Massachusetts Office of Consumer Affairs and Business Regulation noted the concerns of small business leaders regarding the impact on their companies, stating that the updated regulations “feature a fair balance between consumer protections and business realities.”
Continue Reading Massachusetts Revises Information Security Regulations and Extends Deadline for Compliance

Massachusetts recently announced that it is extending the deadline for compliance with new state data security regulations. In consideration of the current economic climate, Massachusetts has extended its original compliance deadline of January 1, 2009. The new compliance deadline will be phased in. By May 1, 2009, companies that are subject to the regulations must generally comply with the new standards and must contractually ensure the compliance of their third-party service providers. In addition, by May 1, 2009, covered businesses must encrypt laptops containing personal information. By January 1, 2010, companies are required to have a written certification of compliance from their third-party service providers and must encrypt other company portable devices, such as memory sticks and PDAs.
Continue Reading Compliance Deadline Extended for Massachusetts Data Security Regulations