Privacy & Security Law Blog

Legal Commentary and Resources for the Payment Industry

Insight & Commentary on Information Management and Protection

Developments & Commentary

PCI DSS v. 3.2: New Requirements Coming to Protect Your Customers’ Wallets

PCI Council announces that new requirements will be considered “best practices” until compliance becomes mandatory on Feb. 1, 2018

The Payment Card Industry (PCI) Security Standards Council (PCI Council) released Version 3.2 of the PCI Data Security Standard (PCI DSS), containing several new requirements for merchants, acquirers, and other ent…

Breaking: EU Officially Approves Privacy Shield

U.S. companies will be able to import data from the EU under the streamlined data transfer regime starting August 1

Personal data transfers from the European Union are about to get easier for U.S. companies. On July 12, 2016, the European Commission announced that it officially approved the EU-U.S. Privacy Shield, paving ...

Definition of “PII” Under VPPA Continues to Evolve with 3rd Circuit Ruling

On June 27, 2016, the U.S. Court of Appeals for the Third Circuit became the latest appellate court to weigh how the Video Privacy Protection Act (VPPA or “the Act”) – a 1988 statute meant to protect consumer privacy by prohibiting the disclosure of a consumer’s video rentals or purchases ...

OCR Enters Into First Settlement With a Business Associate

The U.S. Department of Health & Human Services Office for Civil Rights (OCR) has entered into a Resolution Agreement with a business associate over allegations that it potentially violated the Health Insurance Portability and Accountability Act (HIPAA) Security Rule by failing to protect electronic protected health information (ePHI). On June 2…

What if Apple and the FBI went to SCOTUS?

Davis Wright attorneys Robert Corn-Revere and Ronald London recently argued the privacy and First Amendment interests in a “moot Supreme Court” session at the Newseum that sought to approximate appellate review of the issues arising out of the FBI’s effort to access the smart phones of the suspects in the ...

Resources & Updates

Cybersecurity Response to Recent Wholesale Payment Systems Breaches

In February 2016, hackers stole $81 million from the Bangladesh central bank by sending fraudulent messages through the Society for Worldwide Interbank Financial Telecommunication (SWIFT) messaging system. Three months later, hackers attempted to steal over $1 million from a commercial bank in Vietnam using a similar method. Since then, almost a ...

HIPAA Enforcement Actions by the Numbers

Protecting patient information is a central duty for both covered entities and business associates under the Health Insurance Portability and Accountability Act (HIPAA). Should a HIPAA-subject entity ever fail to protect patient information, it may face possible enforcement action from the U.S. Department of Health and Human Services’ Office f…

Credit Card Data Breaches: Protecting Against Surprises

For retailers, the costs involved with a credit card data breach go well beyond the immediate needs of retaining a privileged forensic investigator, hiring outside counsel and public relations and crisis management advisors, and notifying customers of the breach and offering credit protection services to them. DWT PrivSec and Payments team ...

A Crash Course on the Internet of Things

You may have heard the term, but how well do you really understand the “Internet of Things”? Armed with an ever-increasing list of Internet-connected devices capable of collecting employee data, how can your company leverage advantages to employee productivity and collaboration and reduce exposure to information security and privacy pitfalls? R…

Is Privacy Tourism Coming to Britain?

The United Kingdom is known for Downton Abbey, Earl Grey tea and libel tourism. Yes, there have been countless lawsuits over free speech transcending continents, but as of May 2012 the British government overhauled such libel cases. Privacy laws, however, could be the loophole. DWT’s Robert Balin weighs his concerns with ...