Breach, breach notification, cyber insurance, cyberinsurance, heartland payment processor, litigation, PCI DSS, point of sale breach, Target, TJX
Payment Card Breaches: Time to Spread the Risk with Mandatory Cyber Insurance
By InfoLawGroup LLP on February 24, 2014
Adherence Communications, Boris Segalis, data protection, Do Not Call Regulations, healthcare, HHS, HIPAA, HITECH, InfoLawGroup, OCR, PHR Portals, privacy, privacy enforcement, privacy rule, security rule
New HIPAA/HITECH Rules Implementation Roadmap: Countdown Begins to September 23, 2013 Compliance Deadline
By InfoLawGroup LLP on March 31, 2013
health information, healthcare, HIPAA, HITECH, medical data, PHI, protected health information
HHS Releases Final Omnibus Rule Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
By InfoLawGroup LLP on January 18, 2013
Account Data Compromise Recovery Process, ADCR, GCAR, Global Compromised Account Recovery Program, payment card, PCI DSS, security breach, visa
VISA Phases Out the Account Data Compromise Recovery (ADCR) Process and Implements the Global Compromised Account Recovery (GCAR) Program
By InfoLawGroup LLP on January 09, 2013
damages, data breach, Hannaford, motion to dismiss Hannaford data breach payment card PCI DSS, payment card, PCI DSS
Federal Appeals Court Holds Identity Theft Insurance/Credit Monitoring Costs Constitute "Damages" in Hannaford Breach Case
By InfoLawGroup LLP on October 24, 2011
In a significant development that could materially increase the liability risk associated with payment card security breaches (and personal data security breaches, in general), the U.S. Court of Appeals 1st Circuit (the "Court of Appeals") held that payment card replacement fees and identity theft insurance/credit monitoring costs are adequately alleged as mitigation damages for purposes of negligence and an implied breach of contract claim. The decision in Hannaford could be a game changer in terms of the legal risk environment related to personal data breaches, and especially payment card breaches where fraud has been perpetrated. In this post, we summarize the key issues and holdings of the Court of Appeals.
access, Boris Segalis, Health Care, health information, HHS, HITECH, InfoLawGroup, information law group, InformationLawGroup, Nicole Friess, NPRM, privacy, privacy rule, protected health information, Regulation, Security, security rule
Changes to HIPAA Privacy Rule Proposed by HHS - Find Out Who Has Accessed Your Health Records
By InfoLawGroup LLP on June 01, 2011
Binding Corporate Rules, Canada, Cloud, data protection, EU Data Protection Directive, international, outsourcing, PCI DSS, privacy, privacy impact assessment, security measures
A Privacy Checklist for Global Enterprises
By W. Scott Blackmer on October 21, 2010
Scott Blackmer provides a "discovery" checklist for global enterprises handling personal data from multiple jurisdictions, as well as advice on a global approach to privacy compliance and risk management.
damages, Hannaford, litigation, payment card, PCI DSS, security breach
"Damages" Last Stand - Maine Supreme Court Puts an End to the Hannaford Bros. Breach Suit
By InfoLawGroup LLP on September 22, 2010
The Maine Supreme Court has rendered its opinion on the "damages" issue in the Hannaford Bros. consumer security breach lawsuit. Again, the plaintiffs have been unable to establish that they suffered any harm as a result of the Hannaford security breach. Specifically, the Court ruled that "time and effort" alone spent to avoid or remediate reasonably foreseeable harm do not constitute "a cognizable injury for which damages may be recovered." In this blogpost we take a closer look at the Court's rationale.
Act, breach notification, CUTPA, data, HITECH, HIPAA
Health Net Agrees to $250,000 Fine and "Corrective Action Plan" to Settle Loss of PHI
By InfoLawGroup LLP on July 21, 2010
Breach, fiduciary duty, Heartland, litigation, negligence, payment card, PCI DSS, third party beneficiary
Heartland Bank and Keybank's Motion to Dismiss
By InfoLawGroup LLP on July 13, 2010
health information, HHS, HIPAA, HITECH, privacy, Regulation, Security
InfoLaw Alert: HHS Issues Proposed Modifications to HIPAA Security and Privacy Rules
By InfoLawGroup LLP on July 08, 2010
AICPA, best practices, BITS, cloud computing, COBIT, contracts, FIPS, information security, ISO 27001, ISO 27002, NIST, outsourcing, PCI DSS, SAS 70, SP 800-53, standards
Information Security Standards and Certifications in Contracting
By W. Scott Blackmer on May 26, 2010
It often makes sense to refer to an information security management framework or standard in an outsourcing contract, but this is usually not very meaningful unless the customer also understands what particular security measures the vendor will apply to protect the customer's data.
Breach, breach notice, HIPAA, HITECH, medical data, notification, Virginia
Virginia Adds Medical Information Breach Notice Law
By InfoLawGroup LLP on April 07, 2010
Breach, data security, HB 1149, notification, PCI DSS, plastic card security act, Regulation
FAQ on Washington State's PCI Law
By InfoLawGroup LLP on March 24, 2010
encryption, Nevada, PCI DSS, Safe Harbor, security measures
A Closer Look at the PCI Compliance and Encryption Requirements of Nevada's Security of Personal Information Law
By InfoLawGroup LLP on March 10, 2010
201 CMR 17-00, AES, anonymity, behavioral advertising, breach notification, California, cloud computing, contracts, DPA, Eavesdropping, encryption, EU Data Protection Directive, GLBA, HIPAA, HITECH, IAPP, Kearney, Massachusetts, personally identifiable information, pii, RFID, social networking, spam, SSN, TCPA, telemarketing, text messages, UK ICO, VPPA
Celebrating Data Privacy from A to Z
By InfoLawGroup LLP on January 28, 2010
In honor of Data Privacy Day and its spirit of education, I thought it might be appropriate (and fun) to celebrate some (but certainly not all) of the A, B, Cs of Data Privacy. Would love to see your contributions, too!
ADCR, banking, Breach, Heartland, PCI DSS, security breach litigation, settlement
Issuing Banks File Class Action Suit Against Acquiring Banks in Heartland Breach Matter
By InfoLawGroup LLP on January 21, 2010
Breach, Heartland, Payment Card Industry Digital Security Standard, PCI DSS, settlement, TJX
Quickhits: Heartland Settles With Visa for $60 Million
By InfoLawGroup LLP on January 08, 2010
ADCR, BJ, BJ Wholesale Club, Breach, card, Club, damages, doctrine, economic, economic loss doctrine, fraud, Hannaford, litigation, loss, Massachusetts, mastercard, negligence, payment, payment card, PCI DSS, PCI DSS litigation, retailers, TJX, unfair practices, unfair practices Massachusetts visa mastercard ADCR, visa, Wholesale
Massachusetts's Highest Court Delivers BJ Wholesalers (and other Retailers) a Data Breach Liability Gift
By InfoLawGroup LLP on December 23, 2009
payment card, payment card security breach litigation, PCI DSS, PCI DSS heartland, security breach litigation
Quickhits: AMEX settles with Heartland Payment Systems for $3.6 Million
By InfoLawGroup LLP on December 22, 2009