Data Security

My firm’s Client Advisory on Massachusetts Data Security Regulations, Which Took Effect (at long last) on March 1st

March 3, 2010

My partner Joe Laferrera has been incredibly active in connection with the Massachusetts Data Security Regulations, which took effect on March 1, 2010 after multiple delays (initial deadline was January 1, 2009; second deadline May 1, 2009; third deadline January 1, 2010). Among other things, Joe has co-chaired the Boston Bar Association Privacy Committee last year and this, and organized what seems like countless programs on the regulations.  He has also spoken to legal and business groups around the country on the topic (example of presentation materials here, and White Paper here).

Read the full article →

What a Phish …

January 18, 2010

A phish I received this weekend.  These are getting better and better (no typos, no foreign language malapropisms), and I can easily see some small percentage of recipients getting “caught” by this phishing expedition.  These links get shut down almost immediately, but I have disabled this link, in the same spirit that I’d be careful with an empty gun. BOA Phish

Read the full article →

Presentation Materials on Massachusetts Data Regulations

March 17, 2009

Recently my partner Joseph Laferrera has given a series of presentations and webinars on the controversial new Massachusetts data security regulations. Information on his upcoming webinar with Ntirety (a database administrator and client of our firm), on April 2, 2009 at 10:00 a.m., is available at this link. A copy of the slides Joe is using now (they change often, based on developments), is on, here: The New Standard – Massachusetts’ Sweeping New Data Protection Rules Publish at Scribd or explore others: Science & Engineerin data protection

Read the full article →

White Paper: New Data Security Regulations Have Sweeping Implications For Massachusetts Businesses

November 11, 2008

A white paper written by my partner Joe Laferrera — New Data Security Regulations Have Sweeping Implications For Massachusetts Businesses– is embedded below (using Alternatively, click on the link. New Data Security Regulations Have Sweeping Get your own at Scribd or explore others:

Read the full article →

New Massachusetts Rules on Data Security a Game Changer

September 25, 2008

The department of consumer affairs and business regulation shall adopt regulations relative to any person that owns or licenses personal information about a resident of the commonwealth. Such regulations shall be designed to safeguard the personal information of residents of the commonwealth … M.G.L. Chapter 93H: Section 2 Here is a link to the Executive Order signed by Governor Patrick on September 19, 2008. The Executive Order applies to State agencies; the regulations apply to the private sector. The regulations are of particular interest. They require private sector entities who keep personal information about individuals to meet “minimum” security standards for paper and electronic records. They apply broadly to “persons who own, license, store or maintain personal information about a resident of the Commonwealth of Massachusetts”. They require the creation of a “written information security program” which must be “reasonably consistent with industry standards.” The most minimal requirements of such a program are (to my eye) quite extensive (and burdensome). I think it is an understatement to say that the regulation and Executive Order will attract a great deal of attention and preparation between now and year-end, and will likely spawn a new (or expanded) industry of compliance consultants.  

Read the full article →

The Massachusetts Data Breach Notification Statute; Online Copyright Infringement

July 10, 2008

Spring 2008 Gesmer Updegrove Technology Law Bulletin – Upload a Document to Scribd Read this document on Scribd: Spring 2008 Gesmer Updegrove Technology Law Bulletin

Read the full article →