Proskauer on Privacy

Category Archives: Financial Privacy

Subscribe to Financial Privacy RSS Feed

PCI Council Issues Biz Tips to Reduce 3rd Party Security Risk

On August 7, 2014 the PCI Security Standards Council issued new guidance to supplement PCI DSS Requirement 3.0 and help organizations reduce the risks associated with entrusting third-party service providers (“TPSPs”) with consumer payment information.  More and more merchants use TPSPs to store, process and transmit cardholder data or manage components of the entity’s cardholder … Continue Reading

California Supreme Court Holds Online Retailers of Downloadable Products May Require Personally Identifying Information For Credit Card Transactions

The California Supreme Court held on February 4, 2013 that the provision of the Song-Beverly Credit Card Act of 1971 (the “Act”) prohibiting retailers from requesting personally identifying information as a condition to processing credit card transactions does not apply to online purchases of electronically downloadable items. (Apple v. Super. Ct., S199384, Case No. B238097.) … Continue Reading

Alternative Trading System Agrees to Pay $800K for Failure to Protect Confidential Information

Earlier this month, the Securities and Exchange Commission (“SEC”) instituted public administrative and cease and desist proceedings against eBX, LLC (“eBX”), a broker-dealer registered with the SEC.  eBX operates LeveL ATS, an alternative trading system (“ATS”) known as a “black pool,” which is a proprietary market where traders may exchange large blocks of stock with … Continue Reading

Broker and Compliance Officer of Broker-Dealer Firm Personally Fined by SEC for Customer Privacy Violations

On April 7, 2011, the SEC announced that it had imposed fines of $20,000 each against the former president of a broker-dealer and a former broker for their actions in transferring customer information to a new firm as the defunct firm wound down. The SEC also fined the brokerage firm's former chief compliance officer $15,000 for compliance failures and security breaches that took place at the defunct firm, some dating back to 2005. Visit our blog to learn more. … Continue Reading

Superiority Beats Enormity: 9th Circuit Rejects Denial of FACTA Class Certification Based on Disproportionality of Damages

In a decision filed September 27, 2010, the U.S. Court of Appeals for the Ninth Circuit reversed a California district court's refusal to certify a class action alleging violations of the Fair and Accurate Credit Transactions Act ("FACTA"). The Ninth Circuit ruled that none of the three grounds advanced below - the disproportionality between the potential liability and the actual harm suffered, the enormity of the potential damages, or the defendant's good faith compliance with FACTA after being sued - justified denying class certification on superiority grounds. The Ninth Circuit's decision narrows, if not eliminates, the potential for disagreement among district courts on an issue that has for some time been a fly in the ointment for class action plaintiffs (and their attorneys) hoping for big paydays on account of harmless technical violations of FACTA. … Continue Reading

Seventh Circuit Affirms District Court Decision that “Electronically Printed” Receipts Under FACTA Does Not Include Receipts Emailed to Consumers

On August 10, 2010, the U.S. Court of Appeals for the Seventh Circuit upheld an earlier ruling by the Northern District of Illinois Eastern Division that email order confirmations are not “electronically printed” receipts under the Fair and Accurate Credit Transactions Act (“FACTA”) amendments to the Fair Credit Reporting Act. Shlahtichman v.1-800 Contacts Inc., Case … Continue Reading

Bellwether or Bust? Washington Governor Signs Payment Card Data Breach Liability Provisions Into Law

On March 22, 2010, Washington Governor Christine Gregoire signed H.B. 1149 into law, making her state the second behind Minnesota to hold businesses and governmental entities responsible to financial institutions for certain costs arising from payment card information breaches. As of July 1, entities that process more than 6 million credit or debit card transactions annually who fail to reasonably safeguard card information can be required to reimburse financial institutions for the costs related to the re-issuance of cards as well as attorneys fees and costs in the event that a security breach involving payment card information is a proximate result. … Continue Reading

We’ll Give You (and Your Friends) a Hoodie to Go Away: Class Settlement in FACTA Truncation Lawsuit Receives Preliminary Approval

On February 3, 2010, the U.S. District Court for the Western District of Pennsylvania preliminarily approved a class action settlement between Aramark Sports, LLC and a class of approximately 5,000 customers who made credit or debit card purchases from stores at PNC Park in Pittsburgh, Pennsylvania. If approved, the proposed settlement would resolve allegations made by the plaintiffs that Aramark violated the Fair and Accurate Credit Transactions Act's ("FACTA") truncation requirements by electronically printing receipts that contained (a) more than the last 5 digits of the plaintiffs' credit or debit card numbers and/or (b) the expiration date of such cards. … Continue Reading

FINRA Fines Member Firm $175,000 for Failure to Protect Confidential Customer Information

The Financial Industry Regulatory Authority (FINRA) announced on April 28, 2009 that it had fined Centaurus Financial, Inc., of Anaheim, California, $175,000 for Centaurus’s failure to protect confidential customer information. FINRA also required Centaurus to send notifications to affected customers and their brokers, provide one year of credit monitoring at no cost to the affected customers, … Continue Reading

Feud of the Forms — The Battle of The GLBA Notices

The report by Drs. Alan Levy and Manoj Hastak, Consumer Comprehension of Financial Privacy Notices, uses the results of a mall-intercept study to compare the performance of a prototype financial privacy notice developed by the Kleimann Communication Group ("KCG") during the first phase of the INP against three alternative notices. The Levy-Hastak report, among other things, confirms what proponents of the INP suspected - some GLBA privacy notices are largely ineffective in conveying information to consumers that allows them to make rational decisions about the sharing of their personal financial information. … Continue Reading

Florida Cases Remind Retailers that Printing Expiration Dates after Enactment of the Receipt Clarification Act Violates FACTA

The Fair and Accurate Credit Transactions Act (“FACTA”) amendments to the Fair Credit Reporting Act prohibit, among other things, the printing of expiration dates on receipts presented to credit or debit card holders.  Two recent cases from the U.S. District Court for the Southern District of Florida, Smith v. Zazzle.com, Inc. (see our blog post … Continue Reading

District Court Rules FACTA Inapplicable to Online Receipts

On December 8, 2008, in Smith v. Zazzle.com Inc., No. 08-22371-CIV-KING, 2008 U.S. Dist. LEXIS 101050 (S.D. Fla. Dec. 9, 2008) Judge James Lawrence King of the Southern District of Florida held FACTA’s credit card number truncation requirement inapplicable to receipts displayed on-screen or printed by online customers.  Judge King dismissed the case on this … Continue Reading

Red Flag Alert — Compliance Deadline is November 1, 2008

According to regulations published by the Federal Trade Commission and the federal banking agencies, covered companies that hold any customer accounts must implement identity theft prevention programs that identify and detect "Red Flags" signaling possible identity theft. Companies establishing such programs must create policies and procedures not only to recognize and detect Red Flags, but also to respond to Red Flags by preventing or mitigating potential identity theft. Furthermore, companies must develop reasonable policies and procedures to verify the identity of a customer opening an account, and must also periodically update their identity theft programs. The rules went into effect on January 1, 2008, and businesses must comply by November 1, 2008. … Continue Reading

Expiration Date Imminent for Many FACTA Class Actions

New amendments to the Fair and Accurate Transactions Act ("FACTA") (itself an amendment to the Fair Credit Reporting Act ("FCRA")) bar consumers from alleging willful violation and seeking statutory damages based on the printing of credit card expiration dates on receipts where the account number is otherwise properly truncated in accordance with FACTA. This development means the end is near for scores of class action lawsuits filed last year. … Continue Reading

Seller Beware: Florida district court rules that FACTA applies to electronic receipts and receipts printed in stores

The Southern District of Florida has held that the Fair Credit Reporting Act (FACTA), applies to both electronic receipts from online purchases and receipts printed in stores. In Grabein v. 1-800-Flowers.com, Inc., 07-22235-CIV, 2008 WL 343179 (S.D. Fla. Jan. 29, 2008), Plaintiff filed a class action lawsuit after he used a credit card to purchase flowers … Continue Reading

Court Rules that Legitimate Privacy Concerns Do Not Outweigh SEC’s Interest in Discovering Relevant Financial Records in Backdating Matter

Balancing privacy and evidentiary interests in a stock option backdating matter, the Northern District of California held on June 11, 2007 that the SEC's interest in obtaining banking account information of defendant Gregory Reyes, ex-CEO of Brocade Communications, outweighs Reyes' financial history privacy interests. SEC v. Reyes, No. C 06-04435 CRB (N.D. Cal. 2007). … Continue Reading

When Reckless Means Willful – High Court Issues Landmark Decision Under the Fair Credit Reporting Act

Since December 4, 2006, consumers have filed dozens of class actions against retailers and other businesses across the country alleging "willful" violations of the Fair and Accurate Credit Transactions Act ("FACTA") amendments to the Fair Credit Reporting Act ("FCRA"), prohibiting the printing of more than five digits, or the expiration date, of a credit card on receipts provided to the customer. Defendants in those cases have been waiting anxiously for the Supreme Court to rule in Safeco Insurance Co. of America, et al. v. Burr, et al., 551 U.S. _____ (2007), a factually inapposite matter in which the Court granted certiorari to determine whether "reckless disregard" suffices for willfulness under the statute. In a decision that raises as many questions as it answers, the Supreme Court held on June 4, 2007 that "reckless" failure to comply with FCRA can be considered willful. The Court's opinion begs the question whether it was objectively reasonable for retailers to continue the printing of expiration dates on customer receipts after FACTA took full effect. … Continue Reading
LexBlog

This website uses third party cookies, over which we have no control. To deactivate the use of third party advertising cookies, you should alter the settings in your browser.

OK