Privacy Law Blog
Amy Crafts

Amy Crafts

Amy Crafts is an associate in the Litigation Department and focuses on commercial litigation, with a particular emphasis on government investigations, intellectual property and privacy matters. She represents clients in all aspects of litigation, including pre-litigation strategy and negotiation, state and federal trials and appeals, and alternate methods of dispute resolution.

Amy was selected by the Women’s Bar Association of Massachusetts to participate in the 2011-2012 Women’s Leadership Initiative, a program that provides leadership development for women attorneys who have been identified as the rising stars of the profession in Massachusetts. She has also recently been named a Fellow of the Litigation Counsel of America, a trial lawyer honorary society whose membership is limited to 3500 attorneys, less than one-half of one percent of American lawyers.

Amy is a member of the Proskauer Women’s Alliance and the Pro Bono Initiatives Committee. She is also a past member of the Associate Council and the Boston office’s hiring committee. Amy has an active pro bono practice, and leads the firm’s successful 209A Domestic Violence Initiative in collaboration with the Middlesex District Attorney’s Office, for which she has been recognized by both the firm and the Middlesex District Attorney. In addition, Amy is a 2009 graduate of LeadBoston and is recognized as a "Massachusetts Super Lawyers Rising Star" (2009-2012).

Amy is admitted to practice in New York (2004) and Massachusetts (2006), the Southern and Eastern Districts of New York and Massachusetts District Court. Prior to joining Proskauer in 2005, Amy was a litigation associate at Hunton & Williams in New York.

Subscribe to all posts by Amy Crafts

Massachusetts Jury Finds Violation of Stored Communications Act and Massachusetts Privacy Laws

In January 2011, David Cheng (Plaintiff) filed a lawsuit against his former co-worker and fellow radiologist, Laura Romo (Defendant), alleging a violation of the Stored Communications Act (SCA) and Massachusetts privacy law.  After the U.S District Court of Massachusetts denied Defendant’s motion for summary judgment on both counts, the case went to trial and the … Continue Reading

Massachusetts AGO Enters Into Another Settlement For Data Security Violations

For the fourth time since the Massachusetts data security regulations took effect in March 2010, the Massachusetts Attorney General’s Office (“AGO”) has settled allegations that Massachusetts-based entities violated the regulations.  On January 7, 2013, Suffolk Superior Court approved consent judgments pursuant to which five entities agreed to collectively pay $140,000 to settle allegations that they … Continue Reading

Alternative Trading System Agrees to Pay $800K for Failure to Protect Confidential Information

Earlier this month, the Securities and Exchange Commission (“SEC”) instituted public administrative and cease and desist proceedings against eBX, LLC (“eBX”), a broker-dealer registered with the SEC.  eBX operates LeveL ATS, an alternative trading system (“ATS”) known as a “black pool,” which is a proprietary market where traders may exchange large blocks of stock with … Continue Reading

California District Court Dismisses Privacy Class Action Lawsuit Against LinkedIn

A California District Court has dismissed with prejudice a class action lawsuit filed against LinkedIn on behalf of its registered users, finding the allegations too speculative to sustain a lawsuit. An earlier Complaint filed by one of the representative Plaintiffs was dismissed by the Court without prejudice, allowing the Plaintiff to amend the Complaint and bring … Continue Reading

Massachusetts Hospital Agrees to Pay $775,000 for Security Breach

Following a two year investigation by the Massachusetts Attorney General’s Office (“AGO”), a local Massachusetts hospital has agreed to pay $775,000 to resolve allegations that it failed to protect the personal and confidential health information of more than 800,000 consumers. The investigation and settlement resulted from a data breach disclosed by South Shore Hospital in 2010, … Continue Reading

Massachusetts AGO Stresses the Importance of Encryption

 The Massachusetts Attorney General’s Office ("AGO") has entered into an Assurance of Discontinuance (the "Settlement") with a Massachusetts company after allegations that the company failed to adequately protect personal information of Massachusetts residents. The AGO alleged that an employee of Maloney Properties, Inc. ("MPI") stored unencrypted personal information on a company laptop, and failed to … Continue Reading

Massachusetts Data Security Regulations: Deadline To Update Service Provider Contracts Is Fast Approaching

The deadline for compliance with a key requirement of the Massachusetts Data Security Regulations is only a month away. By March 1, 2012, contracts must require that certain service providers implement and maintain appropriate security measures to protect personal information. This alert summarizes the requirements that will become effective as of March 1, 2012. Read … Continue Reading

Anderson v. Hannaford: Plaintiff Customers May Recover Mitigation Costs Of Data Breach

Plaintiff customers in litigation stemming from Hannaford Brothers, Co.’s 2007 data breach were handed a partial victory by the First Circuit on October 20th. The Court held that plaintiffs’ claims for negligence and implied contract should survive Hannaford’s motion to dismiss because plaintiffs’ reasonably foreseeable mitigation costs constitute a cognizable claim for damages under Maine … Continue Reading

Massachusetts AG Says Having a WISP is Not Enough to Comply With Massachusetts Data Security Regulations

The Massachusetts Attorney General’s Office and Belmont Savings Bank have agreed to resolve allegations that Belmont Savings Bank has violated the Commonwealth’s stringent data security regulations (see our post about 201 CMR 17.00 here) through an Assurance of Discontinuance, which has been filed in Massachusetts state court (see document here). Belmont Savings Bank has agreed … Continue Reading

Application of New Massachusetts Data Security Regulations to Out-of-State Businesses

Massachusetts’s new data security regulations, effective as of March 1, 2010, currently set forth the country’s most stringent requirements for protecting data. Extending beyond what is required by other states, Massachusetts specifies that, for example, covered entities must implement a written information security program and must encrypt personal information that will be transmitted over the Internet, … Continue Reading