Although the Massachusetts Data Security Regulations went into effect March 1, 2010, I still find that many companies have not implemented a Written Information Security Program (WISP) and don’t know that they are required to do so.

According to the regulations, any companies or persons who store or use personal information of a Massachusetts resident

According to reports, a Georgia-based physician who previously pleaded guilty to criminal violations of the Health Insurance Portability and Accountability Act (HIPAA) received six months of probation from a Massachusetts federal judge earlier this week.

The physician – a pediatric cardiologist – pleaded guilty in February 2018 to a misdemeanor count of wrongful disclosure of

Last week, two Senators, Senator Edward J. Markey of Massachusetts and Senator Richard Blumenthal of Connecticut, sent a letter to the Federal Trade Commission (FTC) regarding apps designed for children and whether they are in compliance with the Children’s Online Privacy Protection Act (COPPA). See 15 U.S.C. 6501 and regulations at 16 C.F.R. Part 312 et seq. The Senators stated that they are concerned that thousands of apps may “improperly track children and collect their personal information.” The Senators requested a response from the FTC by October 31. The letter also asked that the FTC “investigate whether these apps, and the advertising companies they work with, are in fact tracking children with persistent identifiers and collecting their personal information in violation of COPPA…”

Earlier this year, Governor Charlie Baker signed into law an Act to Protect Access to Confidential Healthcare (the PATCH Act), which prevents information regarding “sensitive health care services” from being shared with anyone other than the patient in the form of Explanation of Benefits (EOB) and Summary of Payment (SOP) forms. When more than one person is covered by the same medical insurance plan, sensitive health care information can be disclosed through the use of these common forms, sometimes including information on sexual assault, domestic violence, mental health disorders, or sexual and reproductive health. When the EOB or SOP is provided to the named policyholder—rather than the specific beneficiary that the services described therein relate to—the beneficiary’s confidentiality can be compromised. 

Courts are often faced with the dilemma of applying centuries- or even decades-old law to constantly evolving technological advancements. See, e.g., Transcript of Oral Argument, United States v. Microsoft, No. 17-2 (U.S. Feb. 27, 2018) (attempting to ascertain the relationship between the Stored Communications Act, a 1986 law, and modern cloud computing

OnBoard Security, a Wilmington, Massachusetts-based security provider, announced last week that graduate students from Johns Hopkins University Information Security Institute (JHUISI) have successfully implemented a secured type of sense-and-avoid (SAA) technology for drones to prevent mid-air collisions that is not as vulnerable to cyber-attacks as other prior SAA technologies. The JHUISI team knew that they

Massachusetts Attorney General Maura Healey recently announced that her office will be launching a new online data breach reporting portal for companies to use to report data breaches to her office pursuant to the Massachusetts data breach notification statute.

The use of the portal is voluntary and does not relieve companies of their statutory obligations,

As more and more state laws allow the use of marijuana for medical conditions, and dispensaries are opening to provide users with access to marijuana for medical purposes (and recreational use), patients are questioning and becoming concerned about the protection of their privacy when purchasing marijuana in dispensaries. The concern is that federal law still outlaws marijuana, as do many states, and many employers conduct drug monitoring and may access and use data in the employment setting to terminate employees.

In response to these concerns, many states are enacting laws to protect the privacy of consumers who frequent marijuana dispensaries. For instance, Massachusetts does not require retailers to record customer information. Oregon does not allow marijuana retailers to record, retain or transfer personal information of customers of marijuana retailers.

Last week, a federal judge in Massachusetts ruled that the City of Newton’s drone ordinance, which attempted to regulate drone flights in the airspace over Newton, Massachusetts, could not be enforced by the municipality because it is pre-empted by federal law. In December of 2016, the city passed an ordinance that required drone operators to register their drones, banned unmanned drone flights under 400 feet, and banned flights over private and public property without permission from the landowner.