Header graphic for print
Privacy Law Blog

Posts by

Massachusetts Jury Finds Violation of Stored Communications Act and Massachusetts Privacy Laws

Posted in Electronic Communications, Privacy Litigation

In January 2011, David Cheng (Plaintiff) filed a lawsuit against his former co-worker and fellow radiologist, Laura Romo (Defendant), alleging a violation of the Stored Communications Act (SCA) and Massachusetts privacy law.  After the U.S District Court of Massachusetts denied Defendant’s motion for summary judgment on both counts, the case went to trial and the… Continue Reading

Massachusetts AGO Enters Into Another Settlement For Data Security Violations

Posted in Data Breaches, Data Privacy Laws, HIPAA, Medical Privacy

For the fourth time since the Massachusetts data security regulations took effect in March 2010, the Massachusetts Attorney General’s Office (“AGO”) has settled allegations that Massachusetts-based entities violated the regulations.  On January 7, 2013, Suffolk Superior Court approved consent judgments pursuant to which five entities agreed to collectively pay $140,000 to settle allegations that they… Continue Reading

Alternative Trading System Agrees to Pay $800K for Failure to Protect Confidential Information

Posted in Data Privacy Laws, Financial Privacy

Earlier this month, the Securities and Exchange Commission (“SEC”) instituted public administrative and cease and desist proceedings against eBX, LLC (“eBX”), a broker-dealer registered with the SEC.  eBX operates LeveL ATS, an alternative trading system (“ATS”) known as a “black pool,” which is a proprietary market where traders may exchange large blocks of stock with… Continue Reading

California District Court Dismisses Privacy Class Action Lawsuit Against LinkedIn

Posted in California, Invasion of Privacy, Online Privacy

A California District Court has dismissed with prejudice a class action lawsuit filed against LinkedIn on behalf of its registered users, finding the allegations too speculative to sustain a lawsuit. An earlier Complaint filed by one of the representative Plaintiffs was dismissed by the Court without prejudice, allowing the Plaintiff to amend the Complaint and bring… Continue Reading

Massachusetts Hospital Agrees to Pay $775,000 for Security Breach

Posted in Data Breaches

Following a two year investigation by the Massachusetts Attorney General’s Office (“AGO”), a local Massachusetts hospital has agreed to pay $775,000 to resolve allegations that it failed to protect the personal and confidential health information of more than 800,000 consumers. The investigation and settlement resulted from a data breach disclosed by South Shore Hospital in 2010,… Continue Reading

Massachusetts AGO Stresses the Importance of Encryption

Posted in Data Breaches, Data Privacy Laws

 The Massachusetts Attorney General’s Office ("AGO") has entered into an Assurance of Discontinuance (the "Settlement") with a Massachusetts company after allegations that the company failed to adequately protect personal information of Massachusetts residents. The AGO alleged that an employee of Maloney Properties, Inc. ("MPI") stored unencrypted personal information on a company laptop, and failed to… Continue Reading

Massachusetts Data Security Regulations: Deadline To Update Service Provider Contracts Is Fast Approaching

Posted in Data Privacy Laws

The deadline for compliance with a key requirement of the Massachusetts Data Security Regulations is only a month away. By March 1, 2012, contracts must require that certain service providers implement and maintain appropriate security measures to protect personal information. This alert summarizes the requirements that will become effective as of March 1, 2012. Read… Continue Reading

Anderson v. Hannaford: Plaintiff Customers May Recover Mitigation Costs Of Data Breach

Posted in Data Breaches

Plaintiff customers in litigation stemming from Hannaford Brothers, Co.’s 2007 data breach were handed a partial victory by the First Circuit on October 20th. The Court held that plaintiffs’ claims for negligence and implied contract should survive Hannaford’s motion to dismiss because plaintiffs’ reasonably foreseeable mitigation costs constitute a cognizable claim for damages under Maine… Continue Reading

Massachusetts AG Says Having a WISP is Not Enough to Comply With Massachusetts Data Security Regulations

Posted in Data Privacy Laws

The Massachusetts Attorney General’s Office and Belmont Savings Bank have agreed to resolve allegations that Belmont Savings Bank has violated the Commonwealth’s stringent data security regulations (see our post about 201 CMR 17.00 here) through an Assurance of Discontinuance, which has been filed in Massachusetts state court (see document here). Belmont Savings Bank has agreed… Continue Reading

Application of New Massachusetts Data Security Regulations to Out-of-State Businesses

Posted in Data Privacy Laws

Massachusetts’s new data security regulations, effective as of March 1, 2010, currently set forth the country’s most stringent requirements for protecting data. Extending beyond what is required by other states, Massachusetts specifies that, for example, covered entities must implement a written information security program and must encrypt personal information that will be transmitted over the Internet,… Continue Reading