Privacy, Cyber & Data Strategy Team

In Chavez v. Mercantil Commercebank, N.A., No. 11-15804 (11th Cir. Nov. 27, 2012), the Eleventh Circuit found that the parties did not have an agreed-upon security procedure so as to allow the bank to qualify for safe harbor under Article 4A of the Uniform Commercial Code, as enacted in Florida, and avoid liability for an […]

On November 26, 2012, the United States Department of Health and Human Services (HHS) Office of Civil Rights (OCR) published a guidance document discussing methods and approaches for de-identification of protected health information (PHI) as permitted under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The document, which is titled “Guidance Regarding Methods […]

On November 16th, 2012, the PCI Security Standards Council released an information supplement to the Payment Card Industry Data Security Standard (“PCI-DSS”) titled “PCI DSS Risk Assessment Guidelines” (the “Guidelines”). The Guidelines were authored by the Risk Assessment Special Interest Group (“SIG”) – a group of more than 60 organizations representing banks, merchants, security assessors […]

Today the European Commission’s Article 29 Working Party released Opinion 08/2012 providing further input on the EU’s revised Data Protection Regulation. The purpose of the Opinion is to provide “further guidance, notably on certain key data protection concepts and by analysing the need for and the effect of the proposed delegated acts and where necessary suggesting […]

In Curry v. AvMed Inc., No. 11-13694 (11th Cir. Sept. 5, 2012), the Eleventh Circuit found that the named plaintiffs sufficiently alleged injury and causation by including detailed allegations making it plausible, not merely possible, that their purported injuries resulted from the data breach. In AvMed, plaintiffs alleged that their identities were stolen as a […]