Breach of Contract : Info Law Group

Home > Breach of Contract >

Posted on January 17, 2010 by W. Scott Blackmer

Information Security Clauses and Certifications - Part 1

Outsourcing business and IT functions often means outsourcing compliance and liability risks as well. When a service contract involves protected categories of personal information, both parties need to understand the security requirements and risks. The contract should allocate responsibilities to prevent and respond to security breaches. The contract may also set expectations more precisely by incorporating a written security policy or referring to a widely accepted information security standard, sometimes accompanied by a requirement for a third-party security audit or assessment.

What contractual information security provisions should you consider, as a customer or as a vendor or business partner, when the contract contemplates the exchange of protected information? What do security standards and audits entail for a vendor, and what do they offer for a customer?

Posted on May 28, 2009 by David Navetta

Hannaford's Motion to Dismiss: Victory for Merchants (Part 2)

As detailed in ISC's first post on the Hannaford case, I detailed the District Court's rationale for either dismissing or generally recognizing various legal theories around payment card number security breaches. The net result of the Court's analysis was the existence of three possible theories of recovery for the consumer plaintiffs:

Breach of implied contract
Negligence
Violation of Maine's Unfair Trade Practices Act ("UTPA")

While the partial recognition of these theories of liability might be viewed as a positive development for plaintiffs, based on the Court's analysis of the "cognizable harm" (e.g. damages) elements of each theory, this decision ends up being bad for plaintiffs (or better stated plaintiff law firms desiring to pursue class actions in the wake of a payment card security breach). This post explains the Court's rationale and indicates aspects that may present difficulties for Hannaford on appeal.

Tags: Breach Notice, Breach of Contract, Damages, Emotional Distress, Motion to Dismiss, PCI, Uncategorized, consumer fraud

Posted on March 3, 2009 by David Navetta

Heartland Payment Systems Sued By Banks

Heartland Payment Systems has been sued in multiple lawsuits by various banks or credit unions that have had to reissue payment cards in the wake of the Heartland breach.

Tags: Breach, Breach of Contract, Heartland, PCI, Plastic Card Protection Laws, Pleadings, Service Provider Breach, Third Party Beneficiary

Posted on October 1, 2008 by David Navetta

The New Path to PCI Liability: 3rd Party Beneficiary Theory

Merchants face a potentially huge liability if they suffer a security breach exposing payment card data. Issuing banks (those banks that issue credit cards to consumers) have filed lawsuits to recover reissuiance costs allegedly ranging from $20-$50 per card (multiplied by thousands or millions of cards depending on the magnitude of the breach). A recent decision from the U.S. Court of Appeals for the Third Circuit ("3^rd Circuit" or "Appellate Court") appears to have expanded the potential liability merchants face for payment card security breaches. Continue Reading...

Tags: Breach, Breach Notice, Breach of Contract, Payment Card Breach Laws, Plastic Card Protection Laws, Third Party Beneficiary, security

Posted on November 2, 2007 by David Navetta

TJX Motion to Dismiss Bank's Claims

I came across this ruling in the TJX matter that dismisses some of the banks' claims against TJX: Link

Consistent with past decisions (B.J. Wholesalers) it looks like issuing banks cannot rely on a 3rd party beneficiary theory to go after merchants for breach of contract. Also appears that the economic loss doctrine is still an effective block to general negligence actions.

However, the negligent misrepresentation claim and unfair/deceptive business act claims both survived. The negligent misrepresentation argument was very interesting. Basically, it appears that the issuing banks alleged that by participating in an a financial network that relies on members taking appropriate security measures, TJX made "implied representations" that they would take security measures required by industry practice. The court let these allegations stand, indicating that the economic loss doctrine does not apply to a negligent misrepresentation claim in Massachusetts. In addition the court ruled that the banks' reliance on such implied representations is a question of fact inappropriate for resolution at the motion to dismiss phase. These allegations also serve as the basis for the Banks' unfair and deceptive business practices claims under Chapter 93 of Massachusetts' law.

While the survival of these claims is certainly good news for the banks, TJX may still be able to stop this case from going to trial using a motion for summary judgment further down the line. It will be interesting to see if the Banks can successfully argue that the costs of preemptively reissuing credit cards constitutes "damages" for purposes of negligent misrepresentation.

Tags: Breach of Contract, Motion to Dismiss, Privacy Law, TJX, Third Party Beneficiary, information security law, negligence

About Us In today’s economy, businesses of every size, shape and type store, transmit or process information. Most organizations employ information technologyMore...

Recent Updates

Recent News

Let me use this post to suggest one way in which prospective students can begin comparing academic programs. All law schools require their ... Thoughts about choosing a law school, part 2>
In his dissent in Free Enterprise Fund v. PCAOB, D.C. Circuit Judge Brett Kavanaugh characterized the SEC – Public Company Accounting ... A Whopper of an Assumption in Free Enterprise Fund v. PCAOB>
Documents obtained by the Electronic Privacy Information Center show complaints have been lodged with the Transportation Security Administra... Travelers file complaints over TSA body scanners
The U.S. Department of the Treasury has loosened controls on the export of Internet-based communication services to Iran, Sudan and Cuba, in... Update: U.S. lifts Iran, Sudan, Cuba Internet services export ban
Ongoing computer scams targeting small businesses cost U.S. companies $25 million in the third quarter of 2009, according to the U.S. Federa... FDIC: Hackers took more than $120M in three months

@InfoLawGroup - InfoLawGroup's most recent Twitter posts

Follow InfoLawGroup on Twitter

Information Law Group Authors

Tanya Forsheit
Tanya L. Forsheit is one of the Founding Partners of the InformationLawGroup, based in Los Angeles, California. Tanya founded the InformationLawGroup...More...
Stay Connected with Tanya Forsheit
David Navetta
David Navetta is one of the Founding Partners of the Information Law Group. David has practiced law for over twelve years, including technology, priv...More...
Stay Connected with David Navetta
W. Scott Blackmer
W. Scott Blackmer has practiced information technology law since 1982. Scott has been listed in several peer-reviewed directories of prominent IT law...More...
Stay Connected with W. Scott Blackmer

Information Law Library

Case Law and Regulatory Action

Standards and Guidelines

Statutes and Regulations

See the complete Information Law Library..."

Topics

Alabama
Attorney-Client Privilege
Behavioral Advertising
Bob Russo
Breach Notice
Breach Notification
Breach of Contract
Children's Privacy
Class Certification
Cloud Computing
Connecticut
Damages
Data Destruction
Data Privacy Law or Regulation
Digital Evidence and E-Discovery
EU
Emotional Distress
Encryption
Enforcement
Financial Services
Health Care
Heartland
IP address
Identity Theft
Information Security
Information security contracts
International
Iowa
Lawsuit
Maine
Massachusetts 210 CMR 17.00
Massachusetts Data Security Regulations
Michigan
Motion to Dismiss
NDA / Confidentiality Agreement
Nevada Security of Personal Information Law
New Jersey
Okemo
PCI
PCI Council
PCI FAQs
PII
Payment Card Breach Laws
Penalties and Fines
Plastic Card Protection Laws
Plastic Card Security Laws
Pleadings
Privacy Law
Privacy and Security Litigation
Reasonable Security
Red Flags Identity Theft Rules
Red Flags Rule
Regulations
Sears
Service Provider Breach
Social Networking
Spam
Special Series
- Cloud Computing Series
Standards
TJX
Third Party Beneficiary
Tri-West
Uncategorized
Washington
Welcome

Archives

Info Law Group - privacy. security. technology. intellectual property.

Denver Office

1117 S. Clarkson St.

Denver, CO 80210

Tel:

303.325.3528

Los Angeles Office

1350 1st Street

Manhattan Beach, CA 90266

Tel:

310.594.4627

Salt Lake Office

14901 Saddle Leaf Ct

Draper, UT 84020-5573

Tel:

801.495.1503

Dallas Office

696 Junegrass Lane

Frisco, TX 75035

Technology lawyers & attorneys at Information Law Group, offering services related to privacy, data security, intellectual property, information technology, compliance, litigation, incident response, outsourcing, e-commerce, new media, workplace privacy, software licensing, merchant agreements, privacy policies, electronic signatures, cloud computing, risk management, social networking policies, direct marketing, transborder data flow, security litigation and identity theft.

Attorney advertising. Prior results do not guarantee a similar outcome.

Blog design, marketing and support by LexBlog

@InfoLawGroup - InfoLawGroup's most recent Twitter posts

Stay Connected with Tanya Forsheit

Stay Connected with David Navetta

Stay Connected with W. Scott Blackmer