Privacy Law Blog : Privacy Lawyers & Attorneys : Proskauer Rose Law Firm : CAN-SPAM, FCRA, FACTA

On March 22, 2010, Washington Governor Christine Gregoire signed H.B. 1149 into law, making her state the second behind Minnesota (see our post here) to hold businesses and governmental entities responsible to financial institutions for certain costs arising from payment card information breaches. As of July 1, entities that process more than 6 million credit or debit card transactions annually (referred to in PCI parlance as “level 1” merchants) who fail to reasonably safeguard card information can be required to reimburse financial institutions for the costs related to the re-issuance of cards as well as attorneys fees and costs in the event that a security breach involving payment card information is a proximate result. H.B. 1149 also includes a provision to make vendors of card processing software and equipment liable to financial institutions for these costs to the extent such damages are proximately caused by the vendor’s negligence. The amount of such damages, of course, will depend on the particular breach.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On April 7, 2010, Mississippi Governor Haley Barbour signed H.B. 583, making his state the forty-sixth state with a security breach notification law on the books.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

In a continuation of the Stengart v. Loving Care Agency case we wrote about here, the New Jersey Supreme Court ruled on March 30, 2010 that emails sent by an employee from a company laptop via a web-based email account (Yahoo!) to her attorney were protected from disclosure by the attorney-client privilege. In reaching this conclusion, the Court also ruled and provided insight on a far broader and more practical issue for employers -- namely, how to draft enforceable computer usage policies and/or make existing policies more effective.

Click here for more about this momentous decision and some practical tips about drafting sustainable computer usage policies from Proskauer’s Labor & Employment attorneys who submitted a “friend of the court” brief in the case on behalf of Employers Association of New Jersey.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On March 25, 2010, the Federal Trade Commission (“FTC”) announced that it had entered into a settlement with entertainment operator, Dave & Buster’s, Inc., for alleged violations of Section 5(a) of the FTC Act, and for “engag[ing] in a number of practices that, taken together, failed to provide reasonable and appropriate security for personal information on its networks.”

The settlement marks the 27th case brought by the FTC against a company for insufficient data security practices.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On March 8, 2010 the U.S. District Court for the Southern District of New York issued the latest opinion addressing the conflict between U.S. discovery laws and foreign blocking statutes.  In Gucci Amer., Inc. v. Curveal Fashion, No. 09 Civ. 8458, 2010 WL 808639 (S.D.N.Y. Mar. 8, 2010), the court compelled the third-party U.S. parent (the "U.S. Parent") of a foreign bank, to produce documents located at its subsidiary despite claims that such production was illegal under the Malaysian law.

• Email This
• Print
• Comments
• Trackbacks
• Share Link