Privacy/Data Security/Cyber Risk

Subscribe to Privacy/Data Security/Cyber Risk via RSS

The FTC “Red Flags Rule” mandating identity theft protection programs for financial institutions and a broad range of other companies will go into effect December 31, 2010. Red Flags are warning signals that should alert a business to the risk of identity theft. 
Read More The FTC’s Red Flags Rule on Identity Theft Protection Will Be Effective December 31, 2010

The New York Times and its reporter Ron Nixon (collectively the “Times”) brought an action pursuant to the Freedom of Information Act (the “Act”) against the United States Treasury in the New York Southern District court.  The Times sought to compel the Treasury Department to release the names of individuals who had been granted licenses by the Department’s Office of Foreign Assets Control (“OFAC”) to conduct business in or with foreign countries that would otherwise be unlawful under OFAC’s economic sanctions programs. 
Read More New York Court Compels Treasury Department to Release Identity of OFAC Licensees

This morrning, the Maine Supreme Court issued its decision in the matter of In re Hannaford Bros. Co. Customer Data Security Breach Litigation, Docket No. Fed-09-586, on a question certified to the Court by the United States District Court for the District of Maine in a pending action of the same name (Docket No. 08-md-01954).
Read More Maine Supreme Court Issues Decision in Hannaford Case, Rules That Time and Effort Spent Mitigating Harm from Data Theft Do Not Constitute Cognizable Injury

The Financial Services Authority (FSA) has reported that it has fined Zurich UK £2,275,000 for “failing to have adequate systems and controls in place to prevent the loss of customers’ confidential information“. According to the FSA’s Final Notice, “the breaches related to the management of risks associated with the security of customer information in the context of certain outsourcing arrangements.” 
Read More UK: FSA Fines Zurich UK

Two recent cases, one from the U.S. Supreme Court and one from the Supreme Court of New Jersey, suggest that companies need to periodically, if not immediately, update their computer and e-mail policies in order to minimize or prevent litigation when employees use the company’s systems for personal messages. 
Read More Recent Court Rulings on Employer Review of Employees’ Electronic Messages – Adjustment to Employer Policies Needed

Washington Governor Christine Gregoire recently signed HB 1149 into law.  Under HB 1149, if a person or entity that meets the definition of a “processor” or “business” that fails to take reasonable steps to guard against unauthorized access to credit or debit card account information that is in its possession, and such failure is found to be the proximate cause of a breach, the processor or business is liable to the financial institution for reimbursement of reasonable actual costs related to the reissuance of credit or debit cards, even if the financial institution has not suffered an injury as a result of the breach. 


Read More Washington New Credit Card Data Breach Liability Law

The California State Senate approved Senate Bill 1166 on April 15, 2010.  The bill amends sections 1798.29 and 1798.82 of the California Civil Code, which require state agencies and businesses to notify California residents of a data breach, by adding specific content requirements for such notices. 


Read More California Proposes Amendment to Data Breach Notification Law

An insurer that issued a school district liability policy to the Lower Merion School District has filed a declaratory judgment action, seeking a ruling that a recent privacy-related civil rights lawsuit against the school district is not covered by the policy. 
Read More Liability Insurer Seeks Declaration of No Coverage in School Laptop Monitoring Case