The importance of a comprehensive written information security program

The U.S. District Court for the District of Massachusetts recently received a filing from a potentially large group of Massachusetts residents who allege their personal and private information was exposed in a data breach at the law firm of Cohen Cleary, P.C. The case serves as a reminder that Massachusetts law requires businesses that store personal information in physical or electronic records to enact strong programs to prevent such events from occurring—and to make clear plans in the event there is a breach.

Class action litigation

According to a recently filed class action, Jewell Weekes and several thousand others had their personal information exposed because of a data breach in the electronic files of south shore-based law firm Cohen Cleary, P.C. In a statement on its website, the firm acknowledged that in January 2022 “an unauthorized party accessed a limited number of files from our system.” It also admitted that files accessed during the breach had contained personally identifying and protected health information.

The lawsuit alleges the breach’s exposure of names, addresses, dates of birth, Social Security numbers, and medical information was a result of the firm’s failure to take reasonable measures to safeguard such information, and such negligence has caused them damage including loss of privacy and economic losses.