Tag Archives: Massachusetts

Nevada Updated Its Definition of Personal Information, Have You?

When businesses set out to safeguard “personal information,” a fundamental consideration is what that term means. Likewise, when negotiating a third-party vendor agreement, it typically is not enough to rely on the standard definition for “confidential information.” Recently, Nevada and other states have updated their definitions of personal information in connection data breaches notification and … Continue Reading

Proposed Bill Barring Credit Checks By Employers

Massachusetts Senator Elizabeth Warren recently introduced legislation which would ban employers from conducting credit checks of prospective employees during the hiring process.  Known as the Equal Employment for All Act, the measure would amend the Fair Credit Reporting Act to prohibit employers from using consumer credit reports to make employment decisions.  Notably, the Act would permit exceptions … Continue Reading

Massachusetts Company Fined $15,000 Under State’s Data Security Law

The Massachusetts AG's enforcement of its data security law demonstrates that it does not take lightly the loss of Massachusetts residents' personal information, even if that loss has not caused any known harm to the affected residents, and that it may remain watchful over the subject of an investigation for years to come.… Continue Reading

Third Party Vendors Equal Data Breach Risk, Massachusetts Vendor Contract Deadline Approaches – March 1, 2012

Massachusetts service provider contract deadline - March 1, 2012 - should be a reminder to revisit all contracts with third party vendors to ensure they require the vendor to safeguard personal information.… Continue Reading

California and Massachusetts Legislatures Push Data Breach and Security Bills

In distinct efforts to strengthen data security requirements, the California and Massachusetts legislatures recently passed bills affecting data breach notification requirements and data security notification, respectively.   On April 14, 2011, the California senate approved S.B. 24, requiring California businesses and agencies to notify the state attorney general if more than 500 California residents are notified … Continue Reading

HHS Settlement Follows Enforcement Fine

In a uniquely timed second showing of enforcement authority, the Department of Health and Human Services (HHS) announced on February 24, 2011 a one million dollar settlement with a Massachusetts hospital that allegedly breached patient data.  This settlement announcement comes only days after HHS announced a 4.3 million dollar HIPAA Privacy Rule fine.  The Massachusetts … Continue Reading

Complimentary Webinar – Massachusetts Data Security Regulations: A Plan for Compliance

Beginning March 1, 2010, businesses will be required to safeguard from identity theft and other dangers personal information about Massachusetts residents under a “written information security program” or WISP. Similar requirements exist in other states around the country, although those requirements generally are not as comprehensive as those becoming effective in the Bay state. Our complimentary webinar … Continue Reading

State Law Developments for Credit and Criminal Background Checks

Recent state law developments will affect whether and to what extent certain employers can conduct credit and criminal background checks on employees and applicants. Employers, particularly multi-state employers, should be sure to review these new requirements and adjust their practices accordingly. Massachusetts The Commonwealth has changed how employers access and use criminal offender record information … Continue Reading

The Final, Final Massachusetts Data Security Regulations and a Checklist for Compliance

The Massachusetts Office of Consumer Affairs and Business Regulations (OCABR) announced on November 4, 2009, the filing of final regulations (pdf) with the Secretary of State’s office, the final step before the regulations take effect March 1, 2010. The final regulations differ slightly from the version of the regulations issued in August 2009, which made significant revisions to … Continue Reading

WISP: Do You Have a Plan for Your Company’s Sensitive Information?

Data privacy and security laws in states such as Massachusetts, Maryland and Nevada require businesses to develop written policies and procedures that provide administrative, physical, and technological safeguards to protect personal information – or a "written information security program" or "WISP." These laws do not require protections for confidential company information and trade secrets, but … Continue Reading
LexBlog