Cybersecurity Disclosure Act of 2015

A recent article in CSO magazine references the Cybersecurity Disclosure Act (CDA) of 2015 (proposed last December) and the wide-reaching impact the passing of that law might have, not least of which is the central role that company leadership must take toward data security risk management. The article begins with the following statement: “Laws frequently […]

PCI Security Council Releases New Best Practices Document for PCI Compliance

On August 28th, the Payment Card Industry (PCI) Security Standards Council published an information supplement entitled “Best Practices for Maintaining PCI DSS Compliance,” which contains important guidance for all companies, including hotels, that store, process, or transmit cardholder data. In the document, the Council cited statistics demonstrating that “organizations that suffered a data breach were […]

Payment Card Industry Council Says Companies are Responsible for Third Party Security and Compliance

On August 7th, the Payment Card Industry Security Standards Council, the payment card industry’s self-regulatory body, issued new guidance for companies, such as hotels, that share cardholder payment data with third-party service providers. The Council released the guidance, entitled the “Third-Party Security Assurance Information Supplement,” in response to its findings that the leading mistake […]

The National Consumers League Launches the #DataInsecurity Project

In late June, the National Consumers League (NCL) launched what it calls the “#DataInsecurity Project” to raise awareness of and push for action to improve consumer data security. The NCL kicked off the project by announcing a cross-country “tour” of national events which will feature discussions by experts from the FTC and State AGs’ offices. […]

FTC’s Julie Brill Calls on State AGs to Take Action Re: Data Privacy

In a speech delivered at a major meeting of state Attorneys General (AGs) in late July, FTC Commissioner Julie Brill emphasized the importance of state AGs’ role in privacy regulation and urged them to take an active role in protecting both their own and the FTC’s unfair, deceptive and abusive acts or practices (“UDAAP”) authority. In […]

$15 Million Settlement Agreement Reached in Sony Data Breach Case

You probably remember the massive data breach that Sony Entertainment suffered back in April 2011 in its video game online network which exposed the personal information of approximately 77 million PlayStation Network and Qriocity account holders, making it one of the largest data breaches of all time, and immersed Sony in years of expensive and […]

Recent Breach at eBay Shows Us What Not to Do

On May 21st, eBay announced that it had experienced a data breach that had potentially affected all 145 million of its users. In addition to the shock wave of bad press, regulatory and congressional scrutiny, and calls to action by State Attorneys General that follow all high-profile data breaches, eBay has been hailed as […]