In connection with a class action lawsuit filed against Michaels
Stores Inc., the United States District Court for the District of
Massachusetts certified to the Supreme Judicial Court of
Massachusetts three questions: (1) whether a ZIP code constitutes
personal identification information; (2) whether, under the
Massachusetts statute prohibiting collection of personal
identification information during a credit card
transaction, a plaintiff may pursue a claim without any
evidence of identity theft; and (3) whether, under the statute a
"credit card transaction form" includes an electronic
transaction form. Earlier this week, the Supreme
Court answered "yes" to all three of these
questions. A copy of the Court's opinion is attached
here. The Supreme Court's decision
will likely open the door to more lawsuits against retailers in
Massachusetts. Plaintiffs may now file actions against
retailers who collect ZIP code information during a credit
card transaction and, consistent with the Supreme Court's
broad interpretation of personal identification information,
plaintiffs may try to expand the definition of personal
identification information even further to include other types
of information. In addition, the Supreme Court's decision
has lowered the bar for plaintiffs who struggle to prove that they
have been injured in these cases. Under the Supreme
Court's ruling, a plaintiff no longer needs to demonstrate that
he or she has suffered identity theft in order to maintain a cause
of action. Significantly, the Court stated that receipt of
unwanted marketing materials or the sale of a consumer's
personal identification information to a third-party can constitute
an injury sufficient to maintain an action. As a result of
the Supreme Court's decision, retailers in Massachusetts should
review and evaluate their data collection practices.
Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.
At last week's Health Care Compliance Association's annual "Compliance Institute," Iliana Peters, HHS Office for Civil Rights' Senior Advisor for HIPAA Compliance and Enforcement, provided a thorough update of HIPAA enforcement trends as well as a road map to OCR's current and future endeavors.
The challenges that come along with securing sensitive information are unprecedented. It has become extremely difficult to protect data which is stored electronically, and breaches have unfortunately become a frequent occurrence.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).