Under Mass ePrivacy Law 200 CMR 17.00, Belmont Savings Bank has agreed to pay a $7,500 fine in a settlement announced in July with the Mass State Attorney General’s Office. InfoSecurity reports that the Massachusetts-based bank lost 13,000 client records after an employee left an unencrypted backup tape of the records on their company desk overnight. Bank staff theorized that the tape was dropped in the trash by the night cleanup crew and later incinerated. Belmont Savings is the second firm to settle with the Mass Attorney General’s Office after failing to comply with the new electronic privacy regulations.
Also under Mass ePrivacy Law 200 CMR 17.00, the Boston-based restaurant chain The Briar Group agreed in March to pay a $110,000 fine after malware diverted credit-card data from its dinner guests over an 8-month span. Regulators charged that the chain allowed employees to share common passwords and that it continued to accept credit cards even after it knew of the breach. The Briar Group operates Boston’s Lenox Hotel, Ned Devine’s, Parris, The Anthem Kitchen & Bar, City Bar Waterfront, The Green Briar, and City Table. The chain maintains three locations at the popular Faneuil Hall Market Place on Boston’s historic waterfront. Reported in InfoSecurity.
Just in case you missed it, back in February, Massachusetts General Hospital was fined $1M by Health and Human Services after it lost records for 192 patients being treated for infectious disease, most likely including HIV. The records were left by an employee on the MBTA. And they never returned, and they never returned, and their fate is still unlearned. They may ride forever beneath the streets of Boston; they’re the health records that never returned. Reported in InfoSecurity.