The Payment Card Industry (“PCI”) Security Standards Council (“SSC”) recently published a supplement to the PCI Data Security Standard (“DSS”) that will require certain Designated Entities to comply with an additional set of compliance-based requirements. The additional requirements, called the “Designated Entities Supplemental Validation,” or DESV, are designed to “help organizations make payment security part […]
Canadian Parliament Amends PIPEDA with the Digital Privacy Act
On June 18, 2015, the Canadian Parliament passed into law the Digital Privacy Act (the “Act”), which amends Canada’s federal data protection statute, the Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA applies to businesses in every Canadian province except British Columbia, Alberta and Quebec; however, businesses in those provinces may become subject to […]
Peter Swire Testifies Before Senate Judiciary Committee on Encryption
Alston & Bird Senior Counsel Peter Swire testified today before the Senate Judiciary Committee as part of its hearing entitled, Going Dark: Encryption, Technology, and the Balance Between Public Safety and Privacy. The hearing, held on July 8, 2015, featured Sally Quillian Yates, Deputy Attorney General, and James B. Comey, Jr., Director of the Federal […]
Rhode Island Updates Identity Theft Protection Act; Requires Notice Within 45 Days of Data Breach
In the absence of action by the U.S. Congress to pass a national data breach notification law, many states stepped into the breach to update their laws this year to add more specific notice guidelines, a requirement to notify the state’s attorney general or another state official, and to require entities that maintain personal information […]
FTC Releases New Data Security Guidance for Businesses, Announces Conference Series
The Federal Trade Commission has released new guidance, called “Start with Security,” intended to assist businesses to improve their data security practices based on lessons learned from its 53 data security cases to date. Issued on June 30, 2015, the guidance “distill[s] the facts of those cases down to their essence” in ten “lessons to […]