In January 2011, David Cheng (Plaintiff) filed a lawsuit against his former co-worker and fellow radiologist, Laura Romo (Defendant), alleging a violation of the Stored Communications Act (SCA) and Massachusetts privacy law. After the U.S District Court of Massachusetts denied Defendant’s motion for summary judgment on both counts, the case
Amy Crafts
Massachusetts AGO Enters Into Another Settlement For Data Security Violations
For the fourth time since the Massachusetts data security regulations took effect in March 2010, the Massachusetts Attorney General’s Office (“AGO”) has settled allegations that Massachusetts-based entities violated the regulations. On January 7, 2013, Suffolk Superior Court approved consent judgments pursuant to which five entities agreed to collectively pay $140,000…
Alternative Trading System Agrees to Pay $800K for Failure to Protect Confidential Information
Earlier this month, the Securities and Exchange Commission (“SEC”) instituted public administrative and cease and desist proceedings against eBX, LLC (“eBX”), a broker-dealer registered with the SEC. eBX operates LeveL ATS, an alternative trading system (“ATS”) known as a “black pool,” which is a proprietary market where traders may exchange…
California District Court Dismisses Privacy Class Action Lawsuit Against LinkedIn
A California District Court has dismissed with prejudice a class action lawsuit filed against LinkedIn on behalf of its registered users, finding the allegations too speculative to sustain a lawsuit. An earlier Complaint filed by one of the representative Plaintiffs was dismissed by the Court without prejudice, allowing the Plaintiff to amend the Complaint and bring the lawsuit again. In this recent decision, the Court dismissed all of the claims asserted in the Amended Complaint with prejudice, and without leave to amend either because the claims were legally defective or because the Plaintiff failed to cure deficiencies raised in LinkedIn’s motion to dismiss the original Complaint or raised in the Court’s order dismissing the original Complaint.
Massachusetts Hospital Agrees to Pay $775,000 for Security Breach
Following a two year investigation by the Massachusetts Attorney General’s Office (“AGO”), a local Massachusetts hospital has agreed to pay $775,000 to resolve allegations that it failed to protect the personal and confidential health information of more than 800,000 consumers. The investigation and settlement resulted from a data breach disclosed by South Shore Hospital in 2010, where the information disclosed included individuals’ names, Social Security numbers, financial account numbers and medical diagnoses.
Massachusetts AGO Stresses the Importance of Encryption
The Massachusetts Attorney General’s Office ("AGO") has entered into an Assurance of Discontinuance (the "Settlement") with a Massachusetts company after allegations that the company failed to adequately protect personal information of Massachusetts residents. The AGO alleged that an employee of Maloney Properties, Inc. ("MPI") stored unencrypted personal information on a company laptop, and failed to follow the company’s written information security program ("WISP") that set forth the company’s standards for protecting personal information. MPI agreed to pay a fine of $15,000 in connection with the Settlement.
Massachusetts Data Security Regulations: Deadline To Update Service Provider Contracts Is Fast Approaching
The deadline for compliance with a key requirement of the Massachusetts Data Security Regulations is only a month away. By March 1, 2012, contracts must require that certain service providers implement and maintain appropriate security measures to protect personal information. This alert summarizes the requirements that will become effective as…
Anderson v. Hannaford: Plaintiff Customers May Recover Mitigation Costs Of Data Breach
Plaintiff customers in litigation stemming from Hannaford Brothers, Co.’s 2007 data breach were handed a partial victory by the First Circuit on October 20th. The Court held that plaintiffs’ claims for negligence and implied contract should survive Hannaford’s motion to dismiss because plaintiffs’ reasonably foreseeable mitigation costs constitute a cognizable claim for damages under Maine law. While this case, Anderson v. Hannaford Brothers, Co., may be read narrowly to apply only to circumstances involving actual theft and misuse of customers’ data, plaintiffs’ lawyers, who for years have made unsuccessful claims for damages following data security breaches, will likely attempt to broaden this holding to apply at least to other mitigation costs incurred by plaintiffs.