Based on an unprecedented number of college closures, along with complex demographic challenges showing continued reductions in the number of college-aged students, states are struggling to determine how to best protect both students and college employees. Currently, most states have been reactive, and have only taken action after a college has announced its intention to

Although the Massachusetts Data Security Regulations went into effect March 1, 2010, I still find that many companies have not implemented a Written Information Security Program (WISP) and don’t know that they are required to do so.

According to the regulations, any companies or persons who store or use personal information of a Massachusetts resident

According to reports, a Georgia-based physician who previously pleaded guilty to criminal violations of the Health Insurance Portability and Accountability Act (HIPAA) received six months of probation from a Massachusetts federal judge earlier this week.

The physician – a pediatric cardiologist – pleaded guilty in February, 2018 to a misdemeanor count of wrongful disclosure of

Last week, two Senators, Senator Edward J. Markey of Massachusetts and Senator Richard Blumenthal of Connecticut sent a letter to the Federal Trade Commission (FTC) regarding apps designed for children and whether they are in compliance with the Children’s Online Privacy Protection Act (COPPA), See 15 U.S.C. 6501 and regulations at 16 C.F.R. Part 312 et. seq.  The Senators stated that they are concerned that thousands of apps may “improperly track children and collect their personal information.” The Senators requested a response from the FTC by October 31. The letter also asked that the FTC “investigate whether these apps, and the advertising companies they work with, are in fact tracking children with persistent identifiers and collecting their personal information in violation of COPPA…”
Continue Reading Protecting the Privacy of Children Online – More Updates on COPPA

Earlier this year, Governor Charlie Baker signed into law an Act to Protect Access to Confidential Healthcare (the PATCH Act), which prevents information regarding “sensitive health care services” from being shared with anyone other than the patient in the form of Explanation of Benefits (EOB) and Summary of Payment (SOP) forms. When more than one person is covered by the same medical insurance plan, sensitive health care information can be disclosed through the use of these common forms, sometimes including information on sexual assault, domestic violence, mental health disorders, or sexual and reproductive health. When the EOB or SOP is provided to the named policyholder—rather than the specific beneficiary that the services described therein relate to—the beneficiary’s confidentiality can be compromised. 
Continue Reading Massachusetts PATCH Act, Requires Additional Protection for Certain Confidential Health Care Information

Courts are often faced with the dilemma of applying centuries, or even decades, old law to constantly evolving technological advancements.  See, e.g., Transcript of Oral Argument, United States v. Microsoft, No. 17-2 (U.S. Feb. 27, 2018) (attempting to ascertain the relationship between the Stored Communications Act, a 1986 law, and modern cloud computing

OnBoard Security, a Wilmington, Massachusetts-based security provider, announced last week that graduate students from Johns Hopkins University Information Security Institute (JHUISI) have successfully implemented a secured type of sense-and-avoid (SAA) technology for drones to prevent mid-air collisions that is not as vulnerable to cyber-attacks as other prior SAA technologies. The JHUISI team knew that they

Massachusetts Attorney General Maura Healey recently announced that her office will be launching a new online data breach reporting portal for companies to use to report data breaches to her office pursuant to the Massachusetts data breach notification statute.

The use of the portal is voluntary and does not relieve companies of their statutory obligations,