Earlier this year, Washington passed an amended version of its data breach notification law, which goes into effect Friday, July 24, 2015. Washington’s updated breach notification statute will now, among other things, require compromised entities to notify the state Attorney General (AG) in some circumstances, and require notification to both consumers and, as applicable, the […]
Cybersecurity
PCI Security Standards Council Issues New Supplementary Compliance Requirements for the Data Security Standard
The Payment Card Industry (“PCI”) Security Standards Council (“SSC”) recently published a supplement to the PCI Data Security Standard (“DSS”) that will require certain Designated Entities to comply with an additional set of compliance-based requirements. The additional requirements, called the “Designated Entities Supplemental Validation,” or DESV, are designed to “help organizations make payment security part […]
Peter Swire Testifies Before Senate Judiciary Committee on Encryption
Alston & Bird Senior Counsel Peter Swire testified today before the Senate Judiciary Committee as part of its hearing entitled, Going Dark: Encryption, Technology, and the Balance Between Public Safety and Privacy. The hearing, held on July 8, 2015, featured Sally Quillian Yates, Deputy Attorney General, and James B. Comey, Jr., Director of the Federal […]
FFIEC Issues Optional Cybersecurity Assessment Tool
On June 30, 2015, the Office of the Comptroller of the Currency (OCC) announced that the Federal Financial Institutions Examination Council (FFIEC) has issued an optional Cybersecurity Assessment Tool (Assessment) for banking institutions (“institution”) to use to evaluate risks and cybersecurity maturity (i.e., level of preparedness). OCC also announced that it would “gradually incorporate the […]
Rhode Island Updates Identity Theft Protection Act; Requires Notice Within 45 Days of Data Breach
In the absence of action by the U.S. Congress to pass a national data breach notification law, many states stepped into the breach to update their laws this year to add more specific notice guidelines, a requirement to notify the state’s attorney general or another state official, and to require entities that maintain personal information […]