Tag Archives: Massachusetts

State Privacy Laws Have the Potential to Haunt Industry

With less than two months until it goes into effect, many practitioners are focused on bringing their programs into compliance with the California Consumer Protection Act (“CCPA”) by January 1, 2020.  But the rapid pace of privacy legal developments could continue next year.  This past year, five states established studies or task forces to study … Continue Reading

Massachusetts Amends Data Breach Notification Law to Require Free Credit Monitoring

The Governor of Massachusetts recently signed House Bill No. 4806 into law, which will amend certain provisions of the state’s data breach notification law.  In addition to changing the information that must be included in notifications to regulators and individuals, the amendments will also require entities to provide eighteen months of free credit monitoring services … Continue Reading

D.C. Circuit Hears Oral Arguments in Urban Outfitters ZIP Code Lawsuit

Last week, the D.C. Circuit heard oral argument in the lawsuit filed against Urban Outfitters and Anthropologie over their collection of customer ZIP codes at the point of sale.  The plaintiffs alleged that the practice of requesting ZIP codes at the point of sale during credit card transactions violated two D.C. statutes, the Consumer Protection … Continue Reading

Bed Bath & Beyond Sued Over Zip Code Data

As we previously blogged, in a case concerning retail chain Michaels Stores, the Supreme Judicial Court of Massachusetts (SJC) recently issued a broad ruling regarding the circumstances in which consumers may sue for collection of zip code information during credit card transactions under Massachusetts law.  Two separate putative class actions now have been filed under … Continue Reading

Massachusetts Supreme Judicial Court Issues Broad Ruling on Point-of-Sale Data Collection

In a recent decision, the Supreme Judicial Court of Massachusetts (“SJC”) broadly interpreted a statute that governs the personal information that may be collected by a merchant during a credit card transaction.  The decision, Tyler v. Michaels Stores, Inc., SJC-1145 (Mass. March 11, 2013), was issued in response to three questions that had been certified … Continue Reading

Mass. Data Security Regulation Governing Service Provider Contracts Takes Effect Soon

As of March 1, 2012, all companies storing the personal information of Massachusetts residents with a third-party service provider must contractually require the service provider to maintain data security measures “consistent” with the Massachusetts data security regulations.  (You can read our overview of these regulations here.) Among other things, those regulations—most of which took effect in … Continue Reading
LexBlog