Privacy Law Blog

Tag Archives: Massachusetts

Massachusetts Federal Judge Says ZIP Code is Definitely Maybe “Personal Identification Information” . . . Implores Parties to Seek State Court Certification.

In an extension of the spate of litigation surrounding California's Song-Beverly Credit Card Act and other laws like it, the U.S. District Court for the District of Massachusetts in Tyler v. Michaels Stores, Inc., Civ. No. 11-10920-WGY (D. Mass. Jan. 6, 2012), followed the California Supreme Court's lead in ruling that ZIP codes are "personal identification information" within the meaning of Mass. Gen. Laws, ch. 93, § 105(a). The court nonetheless dismissed the plaintiff's putative class action because she failed to allege any legally cognizable harm as a result of Michaels' collection of her ZIP code in connection with a credit card transaction. Retailers who were unhappy with the California Supreme Court's opinion in Pineda probably will not be any more pleased with the court's ZIP code reasoning here. But the result? You bet! … Continue Reading

Proskauer Lawyers Help Secure Victory for DNA Privacy Rights

On August 25, 2011, the Massachusetts Appeals Court, in a case of first impression, ruled that the state crime lab's retention of an individual's DNA sample beyond the limitations promised to him by the police when they took the voluntary sample state a claim for invasion of privacy, and for violation of the state's Fair Information Practices Act ("FIPA"). The case, Amato v. District Attorney, No. 10-P-354 (Mass. Ct. App. Aug. 25, 2011), is a significant win for privacy advocates and the Firm. Proskauer partner Mark Batten and former associate Sandra Badin handled the matter with assistance from the Firm's pro bono partner, the ACLU. … Continue Reading

Massachusetts AG Says Having a WISP is Not Enough to Comply With Massachusetts Data Security Regulations

The Massachusetts Attorney General’s Office and Belmont Savings Bank have agreed to resolve allegations that Belmont Savings Bank has violated the Commonwealth’s stringent data security regulations (see our post about 201 CMR 17.00 here) through an Assurance of Discontinuance, which has been filed in Massachusetts state court (see document here). Belmont Savings Bank has agreed … Continue Reading

Bay State “Brings It”: Attorney General Enters Consent Agreement with Restaurant Group for Data Security Failures

On March 28, 2011, the Massachusetts Superior Court issued a Final Judgment by Consent between the Commonwealth and Briar Group, LLC that resolves allegations that Briar Group failed to take measures to protect consumer credit and debit card information. Pursuant to the Final Judgment, Briar Group must pay $110,000 to the Commonwealth, establish a written information security program ("WISP"), and implement a number of other information security measures to help protect customer data. … Continue Reading

Massachusetts Data Security Regulations: Your Company May Not Be Located There, But If Your Customers Are, You Need to Comply

As we’ve discussed in prior posts, newly effective regulations promulgated under Massachusetts’ recent data security law, Mass. Gen. Law ch. 93H, have raised the bar for data security compliance, and they have a long reach.  The regulations are national and international in scope, as they apply to all companies – wherever located– using personal data … Continue Reading

Massachusetts’ Revised Data Security Regulations Extend Deadline (Again) and Soften Some Requirements

Undersecretary Barbara Anthony, of the Massachusetts Office of Consumer Affairs and Business Regulation, announced today revisions to Massachusetts’ data security regulations, as well as an extension of the applicable compliance deadline from January 1, 2010 to March 1, 2010.  (Previous to an earlier extension, the compliance deadline was May 1, 2009.) The revised regulations emphasize … Continue Reading

MA Delays Implementation of Information Protection Standards

Businesses holding personal information of Massachusetts residents have at least one thing to be thankful for this holiday season.  As reported here, Massachusetts earlier this year established strict standards for protection of personal information about Massachusetts residents. Those standards include encryption of electronic data when stored or transmitted and were set to take effect January … Continue Reading

Iowa Enacts 43rd State Breach Notification Law

On May 9, 2008, Iowa Governor Chester Culver signed legislation (SF 2308) requiring any person who owns or licenses computerized data that includes a consumer's personal information to give notice of a breach of security. The law does not require notification if, after an appropriate investigation or after consultation with the relevant federal, state, or local agencies responsible for law enforcement, the person determined that no reasonable likelihood of financial harm to the consumers whose personal information has been acquired has resulted or will result from the breach. Following is an updated list of the 43 state security breach notification laws (plus District of Columbia and Puerto Rico). … Continue Reading

More Breach Notification Laws — 42 States and Counting

Virginia, West Virginia, and South Carolina are the latest states to pass data breach notification laws, bringing to 42 the total number of states with such laws on the books (including the one state with a law that applies only to public entities, Oklahoma). Listed below are the 41 states with laws that apply to private entities (plus the District of Columbia and Puerto Rico). … Continue Reading

In Response To TJX Data Breach, One State Enacts Legislation Imposing New Security and Liability Obligations; Similar Bills Pending in Five Other States

Lawmakers in six states have responded quickly to the massive data breach at TJX Companies, Inc. with various bills designed to strengthen merchant security and/or render companies liable for third party companies’ costs arising from data breaches. These latest bills – introduced in California, Connecticut, Illinois, Massachusetts, Minnesota and Texas – represent a new front of … Continue Reading
LexBlog