In This Issue
Data Breach Law Takes Effect in Massachusetts: Are You Ready?
The most stringent data security law in the country took effect in Massachusetts on March 1, requiring all entities to create a written data security plan and mandating the encryption of consumers’ personal information.
The regulations apply to any entity engaged in commerce in the state of Massachusetts, specifically, those who collect and retain personal information in connection with the provision of goods and services, or for the purpose of employment.
The law requires that all entities that store or transmit personal information – defined as a Massachusetts resident’s name in combination with a social security number, driver’s license number, bank account, or credit card number – must encrypt data that is stored on portable devices or transmitted online.
In addition, companies must create a written data security plan that identifies their sensitive information, possible security risks, how they plan to control those risks, and disciplinary measures for violations.
At least one employee must be designated as the responsible party for the company’s data security and other employees must be trained on the security procedures.
Companies are also responsible for third parties that have access to their personal information and must conduct an annual audit to ensure that they are in compliance with the law.
Massachusetts had a preexisting data breach law that established requirements to notify state regulators and consumers of a data loss, which remains in effect.
Under the new law, companies that fail to comply and suffer a data breach can be fined up to $5,000 for each violation.
The law was originally slated to go into effect January 1, 2009, but was pushed back three times over the last year, as the state recognized that companies were struggling to come into compliance by its effective date.
Why it matters: Almost every state now has some form of data breach notification law, but the Massachusetts regulations are the wave of the future, taking the laws from reactive notice after a breach to proactive requirements that businesses must meet in order to prevent a data breach. It is unclear how the state will actually enforce the new law, but companies that deal with any Massachusetts consumer information should be well-versed in the new requirements. While the cost of compliance could be high, the cost of even a small data breach could be even more expensive.
back to top
Dannon Settles Activia False Advertising Suit for $45 Million
A U.S. District Court judge gave final approval to a $45 million settlement in a class action alleging that Dannon falsely advertised the health benefits of its Activia and DanActive yogurt products.
While Dannon will initially pay $35 million into the settlement fund – which will be split among class members, the plaintiffs’ lawyers, and various fees and costs – if the total amount of eligible claims exceeds the fund, Dannon will add an additional $10 million (if the eligible claims exceed $45 million, they will be reduced on a proportional basis).
The lawsuit was filed two years ago claiming that advertisements for Activia and DanActive were false and misleading.
In addition to the monetary payment, Dannon agreed to modify the advertising for its products.
Under the terms of the settlement, Dannon will remove the words “clinically proven” and/or “scientifically proven” from ads and labeling for Activia that claim the yogurt helps to regulate the digestive system. Instead, the advertising and packaging will use language like “clinical studies show” or a similar phrase.
The claim that Activia “helps regulate the digestive system” must also be modified with an explanation that the product “helps with slow intestinal transit when eaten daily for two weeks, as part of a balanced diet and healthy lifestyle” or a similar statement. That qualification must be “prominently displayed” in advertising and marketing materials.
On DanActive labels and ads, Dannon will remove the word “immunity” and add qualifying language to its claim that the product “helps strengthen your body’s defenses” and “helps support the immune system.” Those statements will now note that the claims are true only “when eaten regularly as part of a balanced diet and healthy lifestyle.” The DanActive packaging and ads will also replace the phrases “clinically proven” and/or “scientifically proven” with language like “clinical studies show” or a similar phrase.
Dannon also agreed to update the “frequently asked questions” portion of the Web site for both products, as well as the inside product packaging to note that Activia and DanActive yogurts are food products “and not a cure or treatment for any medical disorder or disease. If you have concerns about your digestive system, you should consult a healthcare professional.”
Consumers have until October 1 to seek a refund ranging from $15 to $100.
The settlement agreement notes that Dannon continues to deny “any and all allegations of wrongdoing” but concluded that continuing the litigation would be protracted and expensive.
Why it matters: The settlement – which the plaintiffs’ lawyers claim is the largest settlement in a food product false advertising suit – demonstrates that companies should be prepared to substantiate all health-related claims or face litigation. In addition, Dannon’s changes to its labels and advertising under the settlement serve as an important reminder that companies shouldn’t truncate their claims but must provide all material information necessary to substantiate all claims.
back to top
Lawsuit Claims Buying Ads Would Lead to Better Reviews on Yelp
A California veterinarian filed suit against the online review site Yelp claiming that its advertising salespeople offered to remove or bury his bad reviews on the site if he purchased an advertising subscription.
Gregory Perrault, the owner of Cats and Dogs Animal Hospital in Long Beach, California, received what he described as two “defamatory” reviews on the Yelp site. One of the posts said he was “the rudest vet I’ve ever been to” and that “my poor dog was terrified of him.”
In his lawsuit, filed in U.S. District Court in California as a putative class action, Perrault claims he was contacted by Yelp advertising salespeople not long after the bad reviews were posted.
Perrault alleges that an advertising representative told him that if he purchased a one-year subscription, Yelp would remove the negative reviews or move them to the bottom of his listing page, where fewer searchers would find them.
In addition, the lawsuit states that the advertising representative promised to ensure that the negative reviews would not appear in Google search results and that Perrault could control the order in which his reviews appeared on the page.
Perrault says he received “frequent, high-pressure calls” from Yelp ad reps making similar claims.
“Yelp frequently exercises its control over the Yelp.com listing application to modify business listing pages to the advantage of businesses that purchase Yelp advertising subscriptions, and the disadvantage of those that decline,” the complaint alleges.
The complaint also lists several other examples of business owners who claim to have had similar experiences.
In response to the lawsuit, Yelp released a statement that the company plans to fight the lawsuit. “The allegations are demonstrably false, since many businesses that advertise on Yelp have both negative and positive reviews.”
Why it matters: The lawsuit claims that Yelp’s practices constitute “extortion” in violation of California’s Business Practices Act. To avoid allegations of unfair business practices, companies with online review Web sites should ensure that “public” or “reader” reviews are presented in an accurate and non-misleading manner.
back to top