On July 28, the Massachusetts Attorney General (“AG”) entered into an Assurance of Discontinuance with a Massachusetts bank, in lieu of an enforcement action, regarding alleged violations of the state’s data security regulations. Under the Assurance, the bank agreed to comply with the regulations and to pay a penalty of $7,500. According to the AG’s press release, a bank employee left an unencrypted backup tape containing sensitive personal information on a desk at the end of the day, rather than storing the tape in a vault. Reportedly, the bank’s cleaning crew then threw the tape away, and it was likely to have been “incinerated” by the bank’s disposal company. The AG alleged that this incident involved two violations of the state’s data security regulations: (1) maintaining personal information on unencrypted backup data tapes; and (2) the bank’s failure to follow its written information security program, resulting in the improper handling and loss of the backup tape.