Privacy Law Blog

Tag Archives: information security program

Bay State “Brings It”: Attorney General Enters Consent Agreement with Restaurant Group for Data Security Failures

On March 28, 2011, the Massachusetts Superior Court issued a Final Judgment by Consent between the Commonwealth and Briar Group, LLC that resolves allegations that Briar Group failed to take measures to protect consumer credit and debit card information. Pursuant to the Final Judgment, Briar Group must pay $110,000 to the Commonwealth, establish a written information security program ("WISP"), and implement a number of other information security measures to help protect customer data. … Continue Reading

No Doubt No Reasonable Suspicion Required — Laptops Now Fair Game at the Border

My very first blog post addressed a precedent-setting decision of the Central District of California holding that federal agents could not conduct a border search of the private and personal information stored on a traveler's computer hard drive or electronic storage devices without reasonable suspicion. Eighteen months later, the Ninth Circuit has squarely reversed that decision. In a short opinion filed April 21, 2008, Judge O'Scannlain wrote in U.S. v. Arnold, No. 06-50581, that "reasonable suspicion is not needed for customs officials to search a laptop or other personal electronic storage devices at the border." As far as the Ninth Circuit is concerned, for purposes of border searches under the Fourth Amendment, laptops and other electronic storage devices are not so much like a home or the human mind - they are more akin to luggage or a car. … Continue Reading

Federal Trade Commission Announces Settlement with TJX Over Inadequate Security Practices

According to a proposed settlement announced by the Federal Trade Commission (“FTC”) on March 27, 2008, discount retailer TJX will be required to implement a comprehensive information security program to remedy deficiencies in protecting sensitive consumer information. If approved, the settlement will resolve allegations that the company engaged in practices that failed to provide reasonable and … Continue Reading
LexBlog