Wednesday, December 22, 2010

Data Breach: First Test of Massachusetts Data Privacy Law

While the FTC Red Flag Rules no longer apply to law firms, the Massachusetts data privacy law, enacted earlier this year, remains in effect. News broke yesterday of a data loss in which data on 1850 MA residents was exposed:
  • "The breach, which occurred in September, was discovered by a Twin America Web programmer in October and came to light when the company's attorney wrote letters to states' attorneys general disclosing the breach."
Recall that the new rules mandate disclosure and have been called "one of the toughest in the nation," applying to any individual or organization that: "...store[s], collect[s] or use[s] personal information, including name, social security, driver's license number or financial information on Massachusetts residents - regardless of whether those organizations are based in or have offices in the state."

This appears to be the first published incident of a data breach subject to the Massachusetts rules. And while the party in question is not a law firm, 2010 has shown that law firms are not immune to unexpected data breaches.
