The Payment Card Industry (“PCI”) Security Standards Council (“SSC”) recently published a supplement to the PCI Data Security Standard (“DSS”) that will require certain Designated Entities to comply with an additional set of compliance-based requirements. The additional requirements, called the “Designated Entities Supplemental Validation,” or DESV, are designed to “help organizations make payment security part […]
Data Security
Canadian Parliament Amends PIPEDA with the Digital Privacy Act
On June 18, 2015, the Canadian Parliament passed into law the Digital Privacy Act (the “Act”), which amends Canada’s federal data protection statute, the Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA applies to businesses in every Canadian province except British Columbia, Alberta and Quebec; however, businesses in those provinces may become subject to […]
FTC Releases New Data Security Guidance for Businesses, Announces Conference Series
The Federal Trade Commission has released new guidance, called “Start with Security,” intended to assist businesses to improve their data security practices based on lessons learned from its 53 data security cases to date. Issued on June 30, 2015, the guidance “distill[s] the facts of those cases down to their essence” in ten “lessons to […]
Alston & Bird partners Teri McMahon and Dominique Shelton discuss updates to M&A and privacy & data security practice areas at ACC Israel Annual Event
On June 16, 2015, Alston & Bird partners Teri McMahon and Dominique Shelton made presentations on current issues of the M&A and privacy and data security practice areas at the ACC Israel Annual Event. The event, attended by over 200 attorneys from Israel and around the world, focused on trending global mergers & acquisitions issues. Teri McMahon discussed trends in […]
Connecticut Passes Bill to Require Identity Theft Protection Services In Certain Breaches
On June 11, Connecticut SB949 became a Public Act, after being passed by both chambers of the state legislature. Governor Dannel Malloy can now either sign the bill or take no action for it to become law. SB949 will, among other provisions, require companies that experience a security breach requiring notice to individuals under Connecticut […]