We are now seeing a potential trend where states are incentivizing companies through the creation of safe harbors to improve their cybersecurity posture, instead of penalizing them after a breach of personal information. Utah...more
Keypoint: New Utah law creates incentive for businesses to develop and implement a written cybersecurity program to protect themselves against data breach lawsuits. On March 11, 2021, Utah governor Spencer Cox signed the...more
The Payment Card Industry (PCI) Security Standards Council (PCI Council) released Version 3.2 of the PCI Data Security Standard (PCI DSS), containing several new requirements for merchants, acquirers, and other entities that...more
This decision holds that Delaware does not recognize a claim for the implied warranty of accuracy for a report of an inspection company. Of course, that does not mean there is no breach of contract claim for inspection...more
While the market for specialty cyber insurance policies has heated up considerably over the past few years, a good deal of uncertainty still affects the market as the scope of these newly-minted policy provisions remains...more
On September 29, 2015, the PCI Security Standards Council (“PCI SSC”) issued a press release and accompanying guidance to businesses for incident response management in the event of a data breach. PCI SSC is a global forum...more
A security event involving payment card data, especially card present data, can be one of the most costly events a company may face. Not only did a recent study report the average total cost of a data breach as $3.8 million,...more
The PCI Security Standards Council (PCI-SSC) has released new guidance on its website advising merchants how to deal with a data breach. The guidance particularly details when a PCI Forensic Investigator (PFI) will be...more
There is another retail data breach to talk about in this Privacy Tuesday post – privacy & security bits and bytes to start your week....more
On August 7, 2014 the PCI Security Standards Council issued new guidance to supplement PCI DSS Requirement 3.0 and help organizations reduce the risks associated with entrusting third-party service providers (“TPSPs”) with...more
In a highly anticipated decision, a federal court in Tennessee let stand a retailer’s claims against Visa for violation of California’s Unfair Competition Law (UCL) and for common law claims for unjust enrichment and...more
Last week a small New England bakery announced that its point-of-sale (POS) devices were infected with malware that may have put card data at risk....more