Privacy Law Blog

Tag Archives: Maine

Anderson v. Hannaford: Plaintiff Customers May Recover Mitigation Costs Of Data Breach

Plaintiff customers in litigation stemming from Hannaford Brothers, Co.’s 2007 data breach were handed a partial victory by the First Circuit on October 20th. The Court held that plaintiffs’ claims for negligence and implied contract should survive Hannaford’s motion to dismiss because plaintiffs’ reasonably foreseeable mitigation costs constitute a cognizable claim for damages under Maine … Continue Reading

Media Companies May Block Maine Marketing to Minors Law

On Wednesday, August 26, 2009, a lawsuit was filed in federal court in Maine to enjoin Maine’s new predatory marketing to minors law, which was previously discussed on our blog. If not enjoined, this problematic law is scheduled to go into effect on September 12, 2009. The complaint, filed on behalf of offline and online entities, … Continue Reading

Maine Makes Marketing Minors “Predatory”

In mid-September, Maine’s “Act to Prevent Predatory Marketing Practices against Minors” is scheduled to take effect.  Due to the lack of a scienter element in several of the requirements of this new law, this Act could have far-reaching consequences for all businesses that engage in direct marketing or that sell or transfer personal information to … Continue Reading

Seven Days Is All She Wrote . . .

As our readers know, many of the 44 state data breach notification laws allow for (and may even require) a brief delay in notifying affected individuals of the breach if that notification would interfere with or impede a law enforcement investigation. Last week, the governor of Maine amended that state's data breach notification law. The amendment clarifies that notification may be delayed for no longer than 7 business days after a law enforcement agency determines that the notification will not compromise a criminal investigation. … Continue Reading

Iowa Enacts 43rd State Breach Notification Law

On May 9, 2008, Iowa Governor Chester Culver signed legislation (SF 2308) requiring any person who owns or licenses computerized data that includes a consumer's personal information to give notice of a breach of security. The law does not require notification if, after an appropriate investigation or after consultation with the relevant federal, state, or local agencies responsible for law enforcement, the person determined that no reasonable likelihood of financial harm to the consumers whose personal information has been acquired has resulted or will result from the breach. Following is an updated list of the 43 state security breach notification laws (plus District of Columbia and Puerto Rico). … Continue Reading

More Breach Notification Laws — 42 States and Counting

Virginia, West Virginia, and South Carolina are the latest states to pass data breach notification laws, bringing to 42 the total number of states with such laws on the books (including the one state with a law that applies only to public entities, Oklahoma). Listed below are the 41 states with laws that apply to private entities (plus the District of Columbia and Puerto Rico). … Continue Reading
LexBlog