Monthly Archives: December 2009

Massachusetts’s Highest Court Delivers BJ Wholesalers (and other Retailers) a Data Breach Liability Gift

By David Navetta on December 23, 2009 Posted in Damages, PCI

While the proverbial jury is still out concerning retailers’ sales success this 2009 holiday season, Massachusetts’s highest court (the Supreme Judicial Court or “Supreme Court” as referenced herein) delivered retailers a significant holiday gift in the form of an opinion slamming the door on some financial institutions seeking to recover reissuance costs arising out a… Continue Reading

Quickhits: AMEX settles with Heartland Payment Systems for $3.6 Million

By David Navetta on December 22, 2009 Posted in Heartland, PCI

Read all about it: HERE.

More on the Cloud, Discovery, and the Stored Communications Act

By Tanya Forsheit on December 16, 2009 Posted in Cloud Computing

My former colleague and friend Nolan Goldberg has written this nice piece on “Securing Communications in the Cloud” regarding the Central District of Illinois decision in US v. Weaver (yet another child pornography case contributing to the development of information law). Nolan points out the Weaver court’s focus on the unique nature of web (or cloud)-based email services. With webmail, a copy stored by the host in the cloud, in this case Microsoft Hotmail, might be the only copy, not just a backup. Therefore, the logic goes under the Stored Communications Act, the emails sought by the government in Weaver were not in electronic storage and the government only needed a trial subpoena, not a warrant.

House Passes Data Accountability and Trust Act (DATA)

By David Navetta on December 10, 2009 Posted in Breach Notification, Data Privacy Law or Regulation

On December 8, 2009, the Data Accountability and Trust Act — HR 2221(DATA) moved one step closer to law by passing the House of Representatives. DATA is sponsored by Congressman Bobby Rush (D-IL). Note that the InfoLawGroup has previously commented on similar data security bills currently pending in the Senate. The DATA in Congress has… Continue Reading

The Merchants Strike Back?

By David Navetta on December 3, 2009 Posted in PCI

With the recent news of several restaurants teaming up to sue point-of-sale system provider Radiant Systems (a copy of the complaint can be found here) for failing to comply with the PCI Standard, it appears that some merchants may be in a mood to strike back in the aftermath of a payment card security breach. This… Continue Reading