Correction Re: Connecticut Retailer Liability Law
All, I have to issue a correction concerning my reference to a Connecticut law in the article entitled “The Legal Implications of PCI.” In that article I indicated that Connecticut had passed a law...
View ArticleMore Companies Validated as PCI Compliant Breached
Despite the changes to PCI that went into effect in October 2008, more PCI-compliant entities are suffering security breaches. Added to the list of Hannaford, Best Western and Forever 21 are Heartland...
View ArticleWho is Minding the Legal Risk Around PCI?
An article I did for the ISSA Journal: Who is Minding the Legal Risk Around PCI?
View ArticleRuiz v. Gap: Increased Risk of ID Theft Not Damages
In a previous post this blog noted that a California Federal District Court denied a motion to dismiss a data breach negligence claim based on a lack of “damages.” Despite the partial “victory,” the...
View ArticleCredit Card Theives So Good They Have Too Much Data…
Some interesting statistics from a new report from Verizon Business. The Washington Post security writer sums it up nicely in terms of the payment card data market: [Verizon] said it responded to at...
View ArticleNevada Law Incorporates PCI and Provides a Liability Safe Harbor
Nevada appears to be the second State to incorporate the Payment Card Industry Data Security Standard (PCI) into its personal information security law. Minnesota is the other State that incorporated...
View ArticleFAQ on Nevada’s Security of Personal Information Law (NRS 603A)
InfoSecCompliance ("ISC") was recently asked by a prospective client to provide a summary of Nevada’s Security of Personal Information law (NRS 603A) and a recent amendment to the Security Law that...
View ArticleNevada’s Security of Personal Information Law Post Four: Encryption and PCI...
The following FAQs address the encryption and PCI compliance requirements of Nevada’s Security of Personal Information Law, which were added pursuant to a recent amendment to the law. The rest of the...
View ArticleLive from the IAPP Global Privacy Summit in Washington, DC, It’s Monday...
This week, I will be providing short updates from the IAPP Global Privacy Summit in Washington, DC. The conference will be in full swing tomorrow, and I will report on various panels and topics of...
View ArticleInformation Security Standards and Certifications in Contracting
When organizations contract for outsourced IT services, they look for assurances that the vendor will provide adequate security, often in the form of a security schedule or annex to the contract, or by...
View Article