On August 24, 2015, the Third Circuit affirmed U.S. District Court Judge Esther Salas’ April 2014 ruling in FTC v. Wyndham Worldwide Corp., et al. (“Wyndham”) that the FTC has the authority to regulate private companies’ cybersecurity practices under Section 5 of the FTC Act. (Prior blog posts on this case can be found here […]
Board Governance & Cyber Risk Management
Illinois Governor Vetoes Data Protection Bill; Suggests Revisions
Illinois Governor Bruce Rauner vetoed a bill amending the state’s data breach notification law on August 21, 2015, saying in a letter to the General Assembly that the bill “goes too far, imposing duplicative and burdensome requirements that are out-of-step with other states.” The bill, S.B. 1833, would have amended Illinois’ Personal Information Protection Act […]
Alston & Bird Privacy Attorneys Named to The Best Lawyers in America 2016 List
Jim Harvey, David Keating, and Dominique Shelton, partners in Alston & Bird’s Privacy & Data Security Group, have been named to the 2016 edition of The Best Lawyers in America. First published in 1983, Best Lawyers is based on a peer-review survey in which more than 50,000 leading attorneys cast more than 5.5 million votes […]
Amended Washington Data Breach Law Requires Attorney General Notification, Imposes 45-Day Notice Time Limit
Earlier this year, Washington passed an amended version of its data breach notification law, which goes into effect Friday July 24, 2015. Washington’s updated breach notification statute will now, among other things, require compromised entities to notify the state Attorney General (AG) in some circumstances, and require notification to both consumers and, as applicable, the […]
PCI Security Standards Council Issues New Supplementary Compliance Requirements for the Data Security Standard
The Payment Card Industry (“PCI”) Security Standards Council (“SSC”) recently published a supplement to the PCI Data Security Standard (“DSS”) that will require certain Designated Entities to comply with an additional set of compliance-based requirements. The additional requirements, called the “Designated Entities Supplemental Validation,” or DESV, are designed to “help organizations make payment security part […]