Tag Archives: Massachusetts data security regulations

Massachusetts Attorney General Settles Enforcement Action for $750,000

In June 2010, South Shore Hospital announced on its website that unencrypted back-up tapes containing patient information went missing and were believed to have been discarded at a dump. Reports state that this incident involved 473 tapes which contained information about 800,000 patients, including names, Social Security numbers, account numbers, and medical diagnoses. On May …

All Contracts with Vendors Who Handle Personal Information of Massachusetts Residents Must Have Appropriate Safeguards in Place by March 1, 2012

Regulators are focusing more and more on how responsible organizations are when engaging third-party vendors. HIPAA has in place requirements for engaging business associates. The Connecticut Department of Insurance has requirements for reporting breaches caused by vendors. And the Massachusetts Attorney General, through the Data Security Regulations, requires oversight of third-party service providers. This is …

Restaurant Group Pays $110,000 to Settle Lawsuit Alleging a Failure to Secure Payment Card Data

In a February co-post with Baker Hostetler’s Hospitality Lawg, we wrote about security breach reports that continued to show hospitality and restaurant groups as favorite targets of hackers. Two of the factors we cited as explanations for their vulnerability—failure to secure wireless networks and not complying with the Payment Card Industry Data Security Standard (PCI …