Last week, the Tex-Mex restaurant chain On the Border suffered a data breach that impacted its payment acceptance systems in 27 states. The restaurant says that some credit card information of customers who visited the chain between April and August 2019 may have been compromised. In a press release, On the Border representatives said, “Our … Continue Reading
The New York “Stop Hacks and Improve Electronic Data Security Act” (SHIELD Act), N.Y. Gen Bus. Law§ 899-bb, requires businesses that collect private information on New York residents to implement reasonable cybersecurity safeguards to protect that information. While this is a new law in the State of New York, it is simply joining other states, … Continue Reading
New Hampshire Governor Chris Sununu recently signed the New Hampshire Insurance Data Security Law, which “establishes the exclusive state standards applicable to licensees for data security, the investigation of a cybersecurity event…, and notification to the commissioner.” The law is applicable to all persons or entities licensed, authorized to operate, registered or required to be … Continue Reading
In the footsteps of San Francisco’s ban of the use of facial recognition technology, the cities of Somerville, Massachusetts, Oakland, California, and Berkeley, California are considering banning the use of facial recognition technology by municipal agencies. The proposed ban is in the midst of more and more cameras and smart technology being used for traffic … Continue Reading
Based on an unprecedented number of college closures, along with complex demographic challenges showing continued reductions in the number of college-aged students, states are struggling to determine how to best protect both students and college employees. Currently, most states have been reactive, and have only taken action after a college has announced its intention to … Continue Reading
Two law firms were among the latest victims of the GozNym malware attack that caused a combined loss of more than $117,000. Law enforcement authorities recently announced the dismantling of a cybercrime network that used this GozNym malware to attempt to steal an estimated $100 million from victims in the United States and around the … Continue Reading
We write about data breaches and privacy issues all the time. We are desensitized in some ways to the fact that our privacy may have been, or will be, compromised and, quite frankly, many people now distrust some of the very companies with which they shared their information. California led the way regarding privacy legislation … Continue Reading
Although the Massachusetts Data Security Regulations went into effect March 1, 2010, I still find that many companies have not implemented a Written Information Security Program (WISP) and don’t know that they are required to do so. According to the regulations, any companies or persons who store or use personal information of a Massachusetts resident … Continue Reading
According to reports, a Georgia-based physician who previously pleaded guilty to criminal violations of the Health Insurance Portability and Accountability Act (HIPAA) received six months of probation from a Massachusetts federal judge earlier this week. The physician – a pediatric cardiologist – pleaded guilty in February, 2018 to a misdemeanor count of wrongful disclosure of … Continue Reading
Last week, two Senators, Senator Edward J. Markey of Massachusetts and Senator Richard Blumenthal of Connecticut sent a letter to the Federal Trade Commission (FTC) regarding apps designed for children and whether they are in compliance with the Children’s Online Privacy Protection Act (COPPA), See 15 U.S.C. 6501 and regulations at 16 C.F.R. Part 312 … Continue Reading
Earlier this year, Governor Charlie Baker signed into law an Act to Protect Access to Confidential Healthcare (the PATCH Act), which prevents information regarding “sensitive health care services” from being shared with anyone other than the patient in the form of Explanation of Benefits (EOB) and Summary of Payment (SOP) forms. When more than one … Continue Reading
Courts are often faced with the dilemma of applying centuries, or even decades, old law to constantly evolving technological advancements. See, e.g., Transcript of Oral Argument, United States v. Microsoft, No. 17-2 (U.S. Feb. 27, 2018) (attempting to ascertain the relationship between the Stored Communications Act, a 1986 law, and modern cloud computing and storage … Continue Reading
OnBoard Security, a Wilmington, Massachusetts-based security provider, announced last week that graduate students from Johns Hopkins University Information Security Institute (JHUISI) have successfully implemented a secured type of sense-and-avoid (SAA) technology for drones to prevent mid-air collisions that is not as vulnerable to cyber-attacks as other prior SAA technologies. The JHUISI team knew that they … Continue Reading
Massachusetts Attorney General Maura Healey recently announced that her office will be launching a new online data breach reporting portal for companies to use to report data breaches to her office pursuant to the Massachusetts data breach notification statute. The use of the portal is voluntary and does not relieve companies of their statutory obligations, … Continue Reading
Many are lamenting not purchasing bitcoin now that its value has skyrocketed. Yesterday, Massachusetts Secretary of State William Galvin warned investors to stay away from investing in bitcoin, as he considers it a financial bubble that is a gamble for investors. Galvin stated: “It’s simply a creation of a vehicle which doesn’t exist backed by … Continue Reading
As more and more state laws allow the use of marijuana for medical conditions, and dispensaries are opening to provide users with access to marijuana for medical purposes (and recreational use), patients are questioning and becoming concerned about the protection of their privacy when purchasing marijuana in dispensaries. The concern is that federal law still … Continue Reading
Last week, a federal judge in Massachusetts ruled that the City of Newton’s drone ordinance, which attempted to regulate drone flights in the airspace over Newton, Massachusetts could not be enforced by the municipality because it is pre-empted by federal law. In December of 2016, the city passed an ordinance that required drone operators to … Continue Reading
The Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) has published an online list of data breach notifications issued each year to Massachusetts residents since 2007, the inception of the Commonwealth’s data breach notification law. The list identifies the entity that was breached; the number of Massachusetts residents affected; whether the breach was of … Continue Reading
The Connecticut State Police have taken the lead in training police dogs skilled in the art of detecting hidden data. As more and more crimes involve electronic evidence, criminal enforcement agencies throughout the country are recognizing the need to find that evidence quickly. Data detecting dogs help do this by sniffing out chemicals associated with … Continue Reading
Governor Bruce Rauner signed several new provisions into law amending Illinois’ Personal Information Privacy Act, including health insurance and medical information into the definition of personal information that triggers notification in the event of a breach. Health insurance information under the law includes an individual’s health insurance policy number or subscriber identification number as well … Continue Reading
Boston video production company, McElroy Films, LLC (McElroy Films), recently secured its Federal Aviation Administration (FAA) Section 33 exemption, adding its name (and services) to the list of 22 other commercial drone operators in the state of Massachusetts. Owner of McElroy Films, Ben McElroy, said, “We have been able to capture incredible footage through drone … Continue Reading
Hundreds of Quincy Credit Union (Massachusetts) customers reported that unauthorized ATM withdrawals were made from their accounts over the holiday weekend. Officials now believe that skimmers were placed on ATM machines in early December. As is typical, the thieves waited until a weekend (and a holiday one at that) to make withdrawals because they knew … Continue Reading
Many business have suffered the misery and frustration of a harshly negative, anonymous online review. That anonymity, critics argue, frees the reviewer from worries about the need for accuracy and, worse yet, encourages the spiteful posting of false accusations designed to drive away customers. In competitive markets, the targeted business has no choice but to … Continue Reading
MAC Cosmetics, Inc. (MAC) has settled a proposed class action suit filed in Massachusetts federal court, which alleged that it illegally obtained customers’ zip codes at the point of sale. MAC has agreed to set up a fund totaling $365,000 to issue gift cards to approximately 86,000 former MAC customers who purchased MAC products starting … Continue Reading
