Massachusetts Attorney General Settles For Data Breach Over Stolen Laptop—Sign of Increased Enforcement Scrutiny?

December 21, 2017

A recent enforcement action by the Massachusetts Attorney General’s Office (“Mass. AG”) serves as a stark reminder of how important it is to have robust data security policies and practices in all respects, including with respect to company equipment and locally stored data.

Massachusetts was among the first states to pass and implement regulations creating affirmative security standards for companies holding information of Massachusetts residents, which the Mass. AG is empowered to enforce. In the recently announced enforcement action against a Medicaid bill processing company, the AG settled with the company for violating “state consumer protection and data security laws” stemming from the theft of a laptop from a locked car in or about 2014. The laptop was believed to have contained, among other things, the unencrypted personal information of more than 2,600 Massachusetts schoolchildren, including their names, social security numbers, Medicaid identification numbers, and, for some students, their birth dates. News reports at the time indicate that the company notified all the parents of affected children about a month after the incident.

Click here to continue reading on the Cleary Cybersecurity and Privacy Watch blog.