Earlier this year, Washington passed an amended version of its data breach notification law, which goes into effect Friday July 24, 2015. Washington’s updated breach notification statute will now, among other things, require compromised entities to notify the state Attorney General (AG) in some circumstances, and require notification to both consumers and, as applicable, the […]
Enforcement
Canadian Parliament Amends PIPEDA with the Digital Privacy Act
On June 18, 2015, the Canadian Parliament passed into law the Digital Privacy Act (the “Act”), which amends Canada’s federal data protection statute, the Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA applies to businesses in every Canadian province except British Columbia, Alberta and Quebec; however, businesses in those provinces may become subject to […]
FFIEC Issues Optional Cybersecurity Assessment Tool
On June 30, 2015, the Office of the Comptroller of the Currency (OCC) announced that the Federal Financial Institutions Examination Council (FFIEC) has issued an optional Cybersecurity Assessment Tool (Assessment) for banking institutions (“institution”) to use to evaluate risks and cybersecurity maturity (i.e., level of preparedness). OCC also announced that it would “gradually incorporate the […]
FTC Releases New Data Security Guidance for Businesses, Announces Conference Series
The Federal Trade Commission has released new guidance, called “Start with Security,” intended to assist businesses to improve their data security practices based on lessons learned from its 53 data security cases to date. Issued on June 30, 2015, the guidance “distill[s] the facts of those cases down to their essence” in ten “lessons to […]
Visa & MasterCard: Issuers May Release Identity of Breached Merchants
In two letters sent to Diana Dykstra, the President and CEO of the California and Nevada Credit Union Leagues, both MasterCard and Visa have confirmed that, under their network rules, card issuers are permitted to disclose the identities of merchants involved in data breaches in certain circumstances. In MasterCard’s letter dated June 3, 2015, Eileen […]