Vicarious liability may be used to state a claim under the FACTA provision prohibiting a retailer from printing a credit card expiration date on a receipt. See Keith v. Back Yard Burgers of Nebraska, Inc., No. 8:11-CV-135 (D. Neb. Apr. 13, 2012). According to the court, only one other unreported decision had addressed a franchisor's vicarious liability under FACTA.
The Federal Trade Commission's latest delay in enforcing the Identity Theft Red Flags Rule is slated to expire on December 31, 2010. This fifth delay, which the FTC announced on May 28, 2010, was requested by members of Congress, who had been working to respond to the outcry over the FTC's broad interpretation of the Rule. In the latest legislative initiative, on November 17, 2010, representatives Adler (D-NJ), Broun (R-GA) and Simpson (R-IN) advanced a bill (HR 6420) that seeks to limit the scope of the FTC's Red Flags Rule by amending the Fair Credit Reporting Act's (FRCA's) definition of "creditor."
Several news outlets are reporting today on the November 15, 2010 argument before the U.S. Court of Appeals for the D.C. Circuit on the applicability of the Federal Trade Commission's Identity Theft Red Flags Rule.The relevant part of the Rule implements Section 114 of the Fair and Accurate Credit Transactions Act (FACTA) and requires certain creditors to develop and maintain an identity theft prevention program designed to detect, prevent and mitigate fraud attempted or committed through identity theft. The FTC has taken the position that attorneys and law firms are within the scope of the Rule's definition of "creditor" to the extent they allow clients to pay for legal services after the services are preformed. The ABA successfully challenged the applicability of the Rule to attorneys before the D.C. District Court. The FTC appealed that ruling.
Security governance is often well established in large organizations, but privacy governance typically lags. It is time for a broader approach to "information governance" that focusses on the kinds of sensitive data handled by the enterprise and establishes policies to assure compliance and effective risk management, as well as better customer, employee, government, and business relations.