Massachusetts Senator Elizabeth Warren recently introduced legislation which would ban employers from conducting credit checks of prospective employees during the hiring process. Known as the Equal Employment for All Act, the measure would amend the Fair Credit Reporting Act to prohibit employers from using consumer credit reports to make employment decisions. Notably, the Act would permit exceptions… Continue Reading
Medical billing company’s alleged dumping of medical records results in $140K settlement with Massachusetts Attorney General.
The Massachusetts AG’s enforcement of its data security law demonstrates that it does not take lightly the loss of Massachusetts residents’ personal information, even if that loss has not caused any known harm to the affected residents, and that it may remain watchful over the subject of an investigation for years to come.
Massachusetts service provider contract deadline – March 1, 2012 – should be a reminder to revisit all contracts with third party vendors to ensure they require the vendor to safeguard personal information.
In distinct efforts to strengthen data security requirements, the California and Massachusetts legislatures recently passed bills affecting data breach notification requirements and data security notification, respectively. On April 14, 2011, the California senate approved S.B. 24, requiring California businesses and agencies to notify the state attorney general if more than 500 California residents are notified… Continue Reading
The trend of incresed enforcement of data privacy and security laws continues in Massachusetts as Boston restaurant group is fined $110,000.
In a uniquely timed second showing of enforcement authority, the Department of Health and Human Services (HHS) announced on February 24, 2011 a one million dollar settlement with a Massachusetts hospital that allegedly breached patient data. This settlement announcement comes only days after HHS announced a 4.3 million dollar HIPAA Privacy Rule fine. The Massachusetts… Continue Reading
Beginning March 1, 2010, businesses will be required to safeguard from identity theft and other dangers personal information about Massachusetts residents under a “written information security program” or WISP. Similar requirements exist in other states around the country, although those requirements generally are not as comprehensive as those becoming effective in the Bay state. Our complimentary webinar… Continue Reading
Recent state law developments will affect whether and to what extent certain employers can conduct credit and criminal background checks on employees and applicants. Employers, particularly multi-state employers, should be sure to review these new requirements and adjust their practices accordingly. Massachusetts The Commonwealth has changed how employers access and use criminal offender record information… Continue Reading
The Massachusetts Office of Consumer Affairs and Business Regulations (OCABR) announced on November 4, 2009, the filing of final regulations (pdf) with the Secretary of State’s office, the final step before the regulations take effect March 1, 2010. The final regulations differ slightly from the version of the regulations issued in August 2009, which made significant revisions to… Continue Reading
Data privacy and security laws in states such as Massachusetts, Maryland and Nevada require businesses to develop written policies and procedures that provide administrative, physical, and technological safeguards to protect personal information – or a "written information security program" or "WISP." These laws do not require protections for confidential company information and trade secrets, but… Continue Reading