Based on an article by Edwards Angell Palmer & Dodge LLP, The Massachusetts Attorney General appears to have broken new ground with a recent enforcement action and fine against Briar Group, LLC, a restaurant chain that sustained a security breach exposing credit and debit card data. The papers filed in the case, and a related press release, shed light on the posture taken by the Massachusetts Attorney General in the enforcement of data security obligations, including the use of an alleged failure to comply with the Payment Card Industry Data Security Standards (“PCI-DSS”) as a basis for an enforcement action alleging consumer fraud. The fine levied in the amount of $110,000 and the continuing obligations imposed represent significant sanctions that may be faced by companies with personal information of Massachusetts residents that allegedly is not adequately protected against breach incidents.
As stated above compliance is key or there will be some serious fines and damage to your company’s reputation. Not to mention the violations against your customers…!