When it comes to protecting your organization from cyber threats, Managed Detection and Response (MDR) services are a must. But many businesses overlook the importance of compliance and insurance needs associated with...more
When it comes to providing Managed Detection and Response (MDR) solutions for businesses, the idea of one size fits all is being replaced by the concept of right-sizing. A one-size-fits-all option is a preconfigured security...more
Editor’s Note: On February 15, 2023, HaystackID shared an educational webcast to provide valuable insight into the ways in which AI is being used to address key issues in the realm of privacy and cybersecurity. The expert...more
State Attorneys General settle with Wawa, Inc. for 2019 data breach that compromised approximately 34 million payment cards used by consumers. On July 26, 2022, Acting New Jersey Attorney General Matthew J. Platkin...more
As of January 1, 2020, California became the first state to permit residents whose personal information is exposed in a data breach to seek statutory damages between $100-$750 per incident, even in the absence of any actual...more
For most retailers credit cards are the primary form in which payments are made. Accepting credit cards, however, carries significant data security risks and potential legal liability. ...more
The U.S. District Court for the District of Colorado recently dismissed a proposed class action lawsuit filed by financial institutions relating to a 2016 data breach that involved hundreds of Noodles & Company (Noodles)...more
I’ve previously blogged about a new breed of data breach class actions filed by financial institutions against retailers (as opposed to customers suing retailers). In these cases, financial institutions claim that retailers...more
Special Focus on “Safe Harbor 2.0,” Privacy Shield and E.U. Data Transfers: Alston & Bird’s privacy team has been closely following the development of Privacy Shield, the proposed successor to the E.U.-U.S. Safe Harbor...more
Retailers that accept credit cards are typically required by the payment card brands to show that they are in compliance with the Payment Card Industry Data Security Standards or “PCI DSS” at least once a year. How a retailer...more
Earlier this week, the FTC issued orders to nine credit card and payment security auditors in an effort to gain insight into data security compliance auditing and its role in protecting consumers’ information and privacy....more
On December 24, 2015, Nevada casino owner Affinity Gaming filed suit against Trustwave in federal district court, alleging that Trustwave failed to contain and remediate a data breach at Affinity Gaming. ...more
Increasingly, companies are raising questions about PCI-DSS and its applicability to their businesses. This Legal Alert summarizes the basic aspects of PCI-DSS and its application....more
While the market for specialty cyber insurance policies has heated up considerably over the past few years, a good deal of uncertainty still affects the market as the scope of these newly-minted policy provisions remains...more
After four years of litigation, this past Wednesday, Wyndham Worldwide Corporation and three of its subsidiaries (collectively, “Wyndham”) settled the Federal Trade Commission’s (“FTC”) allegations that the global...more
What card payment rules must a retailer operating in the United States follow? MS: When a merchant uses, transmits, stores or outsources the credit card function, it is subject to a number of rules in the U.S.,...more
Many of the largest retailer data security breaches have been caused or enabled by the acts or omissions of retailers’ vendors, such as the widely publicized incident at Target Corporation. Several such breaches occurred...more
The PCI Security Standards Council (PCI-SSC) has released new guidance on its website advising merchants how to deal with a data breach. The guidance particularly details when a PCI Forensic Investigator (PFI) will be...more
Becomes the fifth state to amend its data breach statute since January 2015 The definition of “personal information” (“PI”) just got a little bit bigger in the Silver State. On May 13, Nevada Governor Brian Sandoval signed...more
We released the inaugural BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our attorneys advised on in 2014. Over the next four weeks, we...more