Posted on October 28, 2011 by Ronald London

New DWT PaymentLawAdvisor Post on MasterCard and Visa Targeted Advertising Initiatives

Regular visitors to this site might want to also bookmark and/or regularly visit our newly launched PaymentLawAdvisor, which provides commentary and resources on the payment industry, and frequently addresses privacy and security issues as they relate to retail payments.

Presently, you can view PaymentLawAdvisor’s recent post about plans by Visa and MasterCard to push into the targeted ads and offers business.  After a recent Wall Street Journal article (subscription required) discussed those plans and how they aspire to link vast amounts of payment card transaction data with other cardholder personal data (such as Internet browsing habits, social network websites, credit bureaus, insurance claims, and even DNA databanks), the companies faced scrutiny from Senate Commerce Committee Chairman Jay Rockefeller (D-W. Va.), who sent them letters requesting more information about the privacy implications of their plans.  As PaymentLawAdvisor explains, such marketing tactics require careful structuring in order to comply with consumer privacy protections under the Gramm-Leach-Bliley Act (“GLBA”) and the Fair Credit Reporting Act (“FCRA”).

Tags:
Posted on October 25, 2011 by Ronald London

First Circuit Case Becomes One of First Successful Attempts to Assert Data Breach Class Action Liability

By Erin Nedenia Reid

In a departure from the recent trend of courts refusing to allow data breach claimants to seek mitigation damages, the First Circuit recently held in  Anderson v. Hannaford Bros. Co. that credit and debit card payment processors may be held liable for mitigation damages in the wake of targeted card-number theft by a criminal enterprise.   In Hannaford, the appeals court reversed a decision below that dismissed negligence and implied contract claims arising out of a 2007 breach of grocer Hannaford’s electronic payment processing system, which resulted in the theft of 4.2 million credit and debit card numbers.   The First Circuit’s decision suggests credit and debit card payment processors may be at a higher risk than previously thought of facing viable class action claims in the wake of data breaches.

Continue Reading...
Tags:
Posted on October 4, 2011 by Davis Wright Tremaine

Congressmen ask FTC to Investigate Internet Use of "Supercookies"

By David M. Silverman

Two Congressmen have written a letter to the Federal Trade Commission (FTC) asking the FTC to investigate certain websites’ use of “supercookies” to track the activities of website visitors after they have left the website and without their knowledge. The letter, written by Congressmen Joe Barton (R-TX) and Ed Markey (D-MA), is based on an August Wall Street Journal article discussing their use. The cookies have become a key issue based on concerns they may be placed without knowledge of computer users and are practically invisible to them. Such so-called “supercookies” differ from traditional HTTP cookies that track user data in that they are small files hidden within Adobe Flash and elsewhere that remain on users’ computers even when browsing history and cache are cleared, and can be picked up even when browsing in “private browsing” mode.

Continue Reading...
Tags: ,
Posted on October 3, 2011 by Davis Wright Tremaine

HHS Text4Health Task Force Makes Texting Recommendations to Secretary

By Adam H. Greene

On Sept. 19, 2011, the U.S. Department of Health and Human Services (HHS) announced recommendations from an internal Text4Health Task Force on ways in which HHS can best utilize text messaging to improve population health. One of the issues raised by the Task Force is the need for further research and guidance on the privacy and security of health text messaging.

Continue Reading...
Tags: