Massachusetts Attorney General Maura Healey has unveiled a new, “easier and more efficient” way to notify her office of data breaches. The Massachusetts Attorney General’s Office has created an online portal and web form for submitting data breach notifications.  An email announcing the changes was transmitted this week to attorneys who have previously filed data breach notices on behalf of clients. The email requested our “assistance in passing the message along,” which we are hereby doing.

Attorney General Healey stated, “This new feature allows businesses to more efficiently report data breaches so we can take action and share information with the public.”  The Attorney General Office’s website will soon include a publicly accessible database of data breaches reported to the Office. Other states, including California and Maryland, have similar public databases.

Continue Reading Massachusetts Attorney General Launches Online Data Breach Reporting Portal

For those of you heading to Legaltech in New York next week, please join me and a great panel for what promises to be a lively discussion of hot topics in IoT and Mobile Discovery.  I’ve been fortunate enough to have been included in Relativity’s session on this topic at a number of conferences, and this next iteration is shaping up to be our best yet.  Here’s our session description:

From the Iron Rooster to Amazon Alexa: Mobile Discovery and the Internet of Things

Whether it’s missing mobile data (Montgomery v. Iron Rooster-Annapolis, LLC), digital data in a truck (Below v. Yokohama Tire Corp.), Fitbit data (State v. Dabate), or data from an Amazon Alexa (State v. Bates) mobile discovery and data from the Internet of Things (IoT) devices present challenges, not only for litigants and their lawyers, but for corporate organizations, paralegals, and technologists as well. In this session, lawyers and consultants, including a former Department of Justice cybercrime coordinator, a prominent discovery attorney, a corporate information governance expert, and a leading legal industry analyst, will address the legal, technical, and practical considerations of mobile, social, and IoT data, including preservation requirements and data privacy limitations.

Here’s the link to the Legaltech page, in case you haven’t registered yet.  Hope to see you in NYC!

Consumers are not the only ones suing retailers for payment card data breaches. The U.S. District Court for the Western District of Washington recently denied, in large part, a motion to dismiss a data breach class action brought by Veridian Credit Union, on behalf of itself and other financial institutions, against Eddie Bauer, LLC. The class action relates to a January 2016 payment card data breach that allegedly impacted “every Eddie Bauer store in the United States and Canada.”

The court dismissed Veridian’s negligence per se claim, but allowed Veridian’s negligence and state statutory claims to proceed. The court’s analysis of choice of law and negligence issues is worth a read. Continue Reading Federal Court Allows Credit Union Data Breach Class Action to Proceed Against Eddie Bauer