Earlier this year, Washington passed an amended version of its data breach notification law, which goes into effect Friday July 24, 2015. Washington’s updated breach notification statute will now, among other things, require compromised entities to notify the state Attorney General (AG) in some circumstances, and require notification to both consumers and, as applicable, the […]
Security Breach
Connecticut Passes Bill to Require Identity Theft Protection Services In Certain Breaches
On June 11, Connecticut SB949 became a Public Act, after being passed by both chambers of the state legislature. Governor Dannel Malloy can now either sign the bill or take no action for it to become law. SB949 will, among other provisions, require companies that experience a security breach requiring notice to individuals under Connecticut […]
FTC Looks “More Favorably” Upon Companies That Report Data Breaches to Law Enforcement
The Federal Trade Commission recently announced that it views companies that report data breaches to appropriate law enforcers “more favorably” than those companies that are less cooperative. Mark Eichorn, Assistant Director in the Bureau of Consumer Protection’s Division of Privacy and Identity Protection, included the announcement in a May 20, 2015 blog post, describing a […]
Visa Updates Global Compromised Account Recovery Program
On May 14, 2015, Visa announced several updates to its Global Compromised Account Recovery Program (“GCAR”), which helps card issuers recover costs and fraud losses after a data compromise. These modifications appear to be designed to address changes in the payment environment and align GCAR recoveries more closely with the current estimated costs and risks […]
Target, MasterCard Settlement Allowed to Proceed
The court in In re: Target Corporation Customer Data Security Breach Litigation (D. Minn. MDL No. 14-2522) today entered an order denying the plaintiffs’ motion to enjoin a settlement between MasterCard and Target stemming from the 2013 security breach of Target’s systems. The parties had agreed that Target would pay MasterCard $19 million for damages […]