The Massachusetts AG Reaches Agreement With Bank Over Alleged Violations of the State’s Data Security Regulations


On July 28, 2011, the Massachusetts Attorney General (“AG”) entered into an agreement with a Massachusetts bank regarding alleged violations of the state’s data security regulation. Specifically, the Massachusetts AG entered into an Assurance of Discontinuance with the bank (in lieu of an enforcement action), in which the bank agreed to comply with the state’s data security regulations, as well as to pay a civil penalty of $7,500.

According to the Massachusetts AG’s press release, a bank employee left an unencrypted backup tape, containing, among other things, Social Security numbers and account numbers of Massachusetts residents, on a desk at the end of the work day, rather than storing the tape in a vault. Reportedly, surveillance footage showed that the backup tape then was inadvertently thrown away by the bank’s cleaning crew. The AG’s press release, however, indicates that ultimately the tape was likely to have been “incinerated” by the bank’s waste disposal company.

In its Assurance of Discontinuance, the Massachusetts AG alleged that this incident involved two violations of the state’s data security regulations. First, the AG alleged that the bank violated the regulations by “maintaining personal information on unencrypted backup data tapes.” Second, the AG alleged that the bank violated the regulations by “failing to follow its own Written Information Security Program . . . resulting in the improper handling and subsequent loss of a backup data tape.” The AG raised this second allegation even though neither the AG nor the bank had any information indicating that any personal information had been acquired or used by an unauthorized person.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morrison & Foerster LLP | Attorney Advertising

Written by:


Morrison & Foerster LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.