"Fake" Sales, Deceptive Pricing Claims, Massachusetts, Price Advertising
The Issue of Harm in Lawsuits on Retail Price-Comparison Advertising: Massachusetts Cases to Note
By Benjamin Stein on February 12, 2016
201 CMR 17-00, AES, anonymity, behavioral advertising, breach notification, California, cloud computing, contracts, DPA, Eavesdropping, encryption, EU Data Protection Directive, GLBA, HIPAA, HITECH, IAPP, Kearney, Massachusetts, personally identifiable information, pii, RFID, social networking, spam, SSN, TCPA, telemarketing, text messages, UK ICO, VPPA
Celebrating Data Privacy from A to Z
By InfoLawGroup LLP on January 28, 2010
In honor of Data Privacy Day and its spirit of education, I thought it might be appropriate (and fun) to celebrate some (but certainly not all) of the A, B, Cs of Data Privacy. Would love to see your contributions, too!
ADCR, BJ, BJ Wholesale Club, Breach, card, Club, damages, doctrine, economic, economic loss doctrine, fraud, Hannaford, litigation, loss, Massachusetts, mastercard, negligence, payment, payment card, PCI DSS, PCI DSS litigation, retailers, TJX, unfair practices, unfair practices Massachusetts visa mastercard ADCR, visa, Wholesale
Massachusetts's Highest Court Delivers BJ Wholesalers (and other Retailers) a Data Breach Liability Gift
By InfoLawGroup LLP on December 23, 2009
201CMR17-00, Massachusetts, risk, WISP
Analyzing the Risk-Based Factors of Massachusett's Data Security Law
By InfoLawGroup LLP on November 18, 2009
SearchSecurity.com published an article by me yesterday (Interpreting 'risk' in the Massachusetts data protection law) concerning the risk-based elements of Massachusetts' data security regulation (201 CMR 17.00, et. al). The gist of the article is that any company that chooses anything less than "strict compliance" with the specific written information security policy ("WISP") and control requirements of the regulation must be able to legally support their decision based on the regulation's risk elements. What this amounts to is developing a legal opinion interpreting and applying those risk-based factors to the organization's particular circumstances.
information security law, information security law legislation, Legislation, Massachusetts, Massachusetts personally identifiable information service provider, personally identifiable information, service provider
Massachusetts' Revised Personal Information Security Regulation (201 CMR 17.00)
By InfoLawGroup LLP on October 03, 2009
Massachusetts' Office of Consumer Affairs & Business Regulation (OCABR) recently released a revised version of its "Standards for the Protection of Personal Information of Residents of the Commonwealth" (the "Regulation"). This August 2009 version modifies the February 2009 version of the Regulation. The press release for the new revision is here, and the FAQs released by OCABR appear updated to address some of the changes in the regulations.For ease of reference, ISC has taken the time to create a REDLINED VERSION showing the revisions in the new Regulation. The redlines indicate changes between the February 2009 version and the August 2009 version of the Regulation. Also included below is a summary of some of the more significant changes.
210 CMR 17-00, breach notification, creditors, driver's license, FACTA, Fair Credit Reporting Act, FCRA, financial account, FIPS, FTC, generally accepted, health information, HIPAA, HITECH, key management, laptops, Massachusetts, medical data, Nevada, payment card, Payment Card Industry Digital Security Standard, PCI DSS, portable devices, public networks, Red Flags, Red Flags Rule, Security, social security number, SSN, wireless
Code or Clear? Encryption Requirements (Part 2)
By W. Scott Blackmer on October 01, 2009
In the last post, I talked about the role of encryption in fashioning a "reasonable" security plan for sensitive personal information and other protected data routinely collected, stored, and used by an enterprise. But lawmakers and regulators are getting more specific about using encryption and managing data that is risky from an ID-theft perspective. Here are some leading examples of this trend.
