In connection with a class action lawsuit filed against Michaels
Stores Inc., the United States District Court for the District of
Massachusetts certified to the Supreme Judicial Court of
Massachusetts three questions: (1) whether a ZIP code constitutes
personal identification information; (2) whether, under the
Massachusetts statute prohibiting collection of personal
identification information during a credit card
transaction, a plaintiff may pursue a claim without any
evidence of identity theft; and (3) whether, under the statute a
"credit card transaction form" includes an electronic
transaction form. Earlier this week, the Supreme
Court answered "yes" to all three of these
questions. A copy of the Court's opinion is attached
here. The Supreme Court's decision
will likely open the door to more lawsuits against retailers in
Massachusetts. Plaintiffs may now file actions against
retailers who collect ZIP code information during a credit
card transaction and, consistent with the Supreme Court's
broad interpretation of personal identification information,
plaintiffs may try to expand the definition of personal
identification information even further to include other types
of information. In addition, the Supreme Court's decision
has lowered the bar for plaintiffs who struggle to prove that they
have been injured in these cases. Under the Supreme
Court's ruling, a plaintiff no longer needs to demonstrate that
he or she has suffered identity theft in order to maintain a cause
of action. Significantly, the Court stated that receipt of
unwanted marketing materials or the sale of a consumer's
personal identification information to a third-party can constitute
an injury sufficient to maintain an action. As a result of
the Supreme Court's decision, retailers in Massachusetts should
review and evaluate their data collection practices.
The Federal Financial Institutions Examination Council (FFIEC) released a Cybersecurity Assessment Tool (CAT) on June 30, 2015, to assist organizations in identifying cyber risks and assessing their cybersecurity preparedness.
The FFIEC notes cyberattacks have become more common. New platforms, such as cloud and social media, and new technologies, such as mobile devices and applications, are creating new cyberattack opportunities.
Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.
We previously reported here that CNA filed a lawsuit against its insured Cottage Health System seeking reimbursement of amounts that it previously paid under Cottage's cyber liability insurance policy.