On April 15, 2015, the Payment Card Industry Security Standards Council (PCI-SSC) updated the PCI Data Security Standard (PCI-DSS) from version 3.0 to version 3.1. The new version is effective immediately. PCI DSS Version 3.0 will be retired on June 30, 2015. A summary of the changes, along with the updated standard, can be found […]
Security Breach
Third Circuit Questions FTC’s Data Security Authority
On March 3, 2015, the Third Circuit heard oral argument in FTC v. Wyndham Worldwide Corp., et al. (“Wyndham”) on the issue of whether the FTC has the authority to regulate private companies’ data security under Section 5 of the FTC Act. This appeal arises out of the District Court’s holding that the unfairness prong […]
President Obama Proposes Strict National Data Breach Notification Law Ahead of State of the Union
On January 12, 2015, during a speech before the Federal Trade Commission (FTC), President Barack Obama announced that he would propose legislation to create a national, uniform data breach notification law. The White House later released the full text of the proposed bill. The President highlighted that a national breach notification law would benefit both […]
TD Bank NA Settles Data Breach Lawsuit with Mass. AG
TD Bank North America (“TD Bank”) and the Massachusetts Attorney General announced an agreement on December 8 to end a data breach lawsuit brought against TD Bank by the Massachusetts Attorney General. The lawsuit alleged that TD Bank failed to properly protect and encrypt personal customer information contained on two server backup tapes that it […]
Alston & Bird Health Care Advisory: HIPAA Audit Program Phase 2 Update
We have previously blogged about the U.S. Department of Health & Human Services HIPAA Audit Program, including the Audit Program pilot (November 30, 2011 and March 7, 2012), the release of the Office for Civil Rights (OCR) audit protocols (June 26, 2012), and the status of phase 2 of the Audit Program (February 26, 2014 […]