Europe Plans Significant Expansion in Data Protection Rights

European Commission Releases Formal Proposal on Data Protection Reform

By Robert Stankey and Adam Shoemaker

On Jan. 25, 2012, the European Commission released the final version of its proposed revisions to the European Union’s data protection framework. The package of changes represents a comprehensive reform of the EU’s 1995 data protection rules.

First Circuit Case Becomes One of First Successful Attempts to Assert Data Breach Class Action Liability

By Erin Nedenia Reid

In a departure from the recent trend of courts refusing to allow data breach claimants to seek mitigation damages, the First Circuit recently held in Anderson v. Hannaford Bros. Co. that credit and debit card payment processors may be held liable for mitigation damages in the wake of targeted card-number theft by a criminal enterprise. In Hannaford, the appeals court reversed a decision below that dismissed negligence and implied contract claims arising out of a 2007 breach of grocer Hannaford’s electronic payment processing system, which resulted in the theft of 4.2 million credit and debit card numbers. The First Circuit’s decision suggests credit and debit card payment processors may be at a higher risk than previously thought of facing viable class action claims in the wake of data breaches.

New Court Decision Upends U.C.C. Rule Typically Applied, Holds Bank Liable for Unrecovered Funds from a Phishing Attack

By: Micah Ratner

A U.S. District Court in the Eastern District of Michigan has issued its decision in Experi-Metal, Inc. v. Comerica Bank, holding that a bank—instead of the bank’s customer—was liable for $560,000 in unrecovered funds from a phishing attack. The case is noteworthy because a customer is typically liable for unauthorized transfers under Uniform Commercial Code (“U.C.C.”) Article 4A. Under U.C.C. Section 4A-202, the customer is responsible for unauthorized transfers if (1) the bank and customer agree that the bank will authenticate transfers through a security procedure, (2) the security procedure is commercially reasonable, and (3) the bank accepted the transfer in good faith.

We're Baaaaaaack.

Those of you who were once frequent visitors to this blog may, by now, be asking one or more of the following questions:

(a) Why haven’t you guys posted anything for so many months?
(b) Why does the site look different?
(c) Who’s going to win the NBA playoffs?
(d) Why did they cancel My Name is Earl?

Well, the first two at least. The truth is that this blog was started in August 2005, and ran steadily (sometimes more steadily than others) for about three years. As blogs go, that’s a fairly distinguished record – there are more abandoned blogs lining the sides of the Information Superhighway than there are hubcaps along the Cross Bronx. Wait, did we actually just use the phrase “Information Superhighway”? Because that is so 2005. As is that phrase we just used.

So anyway, when our firm decided to revamp its website, we took this as an opportunity to think seriously (read: discuss over drinks) about what we wanted to accomplish with this blog, and what we needed to do to keep it fresh and relevant. The process has taken a bit longer than we expected, but here’s where we are:

Rather than a long list of bloggers, you will be getting regular updates from just five of us – and henceforth there will be no more posts in this annoying third-person, royal we, voice. We may have some guest bloggers on occasion, but for the most part you can level any criticisms at the following:

Bruce Johnson, our Burgermeister-Meisterburger, who will be blogging on the topic of Personal Communications (blogging, employee/employer relations, etc.)

Randy Gainer, who will be captivating you with stories about Government Surveillance (ECPA/CFAA, CALEA, REAL ID/travel issues, etc.)

Charlene Brownlee, who is by far the most stylish among us (and who will be blogging on the subject of Data Breaches and identity-theft laws)

Ronald London, who will endeavor to keep an eye on Congress and will be blogging about telemarketing, junk fax, CAN-SPAM, behavioral/advanced advertising, and CPNI (which we’ll call Marketing and Consumer Privacy)

Lance Koonce, who will try not to mangle any stories about Online Threats such as hacking, phishing, pharming, pretexting, malware/spyware, and offline versions such as dumpster diving and the theft/loss of data-containing devices.

We do not purport to be a source for all news that touches on privacy and security – the field has exploded and aggregating such information would be a full-time career. Rather, we hope to tease out interesting aspects of specific issues within our areas of coverage. We hope you’ll take a look, and keep coming back if what you see intrigues you.

Thanks,

The PrivSecBlog Team


And by the way:

The Lakers.
Ratings. And possibly bad karma.