Account Data Compromise Recovery Process, ADCR, GCAR, Global Compromised Account Recovery Program, payment card, PCI DSS, security breach, visa
VISA Phases Out the Account Data Compromise Recovery (ADCR) Process and Implements the Global Compromised Account Recovery (GCAR) Program
By InfoLawGroup LLP on January 09, 2013
PCI liability, HIPAA enforcement rule, breach notification laws
By InfoLawGroup LLP on March 05, 2012
AICPA, best practices, BITS, cloud computing, COBIT, contracts, FIPS, information security, ISO 27001, ISO 27002, NIST, outsourcing, PCI DSS, SAS 70, SP 800-53, standards
Information Security Standards and Certifications in Contracting
By W. Scott Blackmer on May 26, 2010
It often makes sense to refer to an information security management framework or standard in an outsourcing contract, but this is usually not very meaningful unless the customer also understands what particular security measures the vendor will apply to protect the customer's data.
compliance, contract management, data protection, data security, information governance, information security, management, pia, privacy, privacy audit, privacy governance, privacy impact assessment, procurement, risk management, security governance, standards
Information Governance
By W. Scott Blackmer on May 06, 2010
Security governance is often well established in large organizations, but privacy governance typically lags. It is time for a broader approach to "information governance" that focusses on the kinds of sensitive data handled by the enterprise and establishes policies to assure compliance and effective risk management, as well as better customer, employee, government, and business relations.
IAPP, International Association of Privacy Professionals, Red Flags Rule
Live from the IAPP Global Privacy Summit in Washington, DC, It's Monday Afternoon
By InfoLawGroup LLP on April 19, 2010
This week, I will be providing short updates from the IAPP Global Privacy Summit in Washington, DC. The conference will be in full swing tomorrow, and I will report on various panels and topics of interest. In the meantime, as I prepare to see old and new friends at the Welcome Reception this evening, a few thoughts on what I expect to see and hear a lot over the next few days.
agility, best practices, compliance, IAPP, information governance, IT, Law, legal defensibility, outsourcing, privacy professionals, risk, Security, security breach, technology, whitepaper
Privacy's Trajectory
By InfoLawGroup LLP on March 14, 2010
As many of our readers know, the International Association of Privacy Professionals (IAPP) will celebrate 10 years this Tuesday, March 16. In connection with that anniversary, the IAPP is releasing a whitepaper, "A Call For Agility: The Next-Generation Privacy Professional," tomorrow, March 15. I am honored that the IAPP has given me the opportunity to read and blog about the whitepaper in advance of its official release.
ADCR, banking, Breach, Heartland, PCI DSS, security breach litigation, settlement
Issuing Banks File Class Action Suit Against Acquiring Banks in Heartland Breach Matter
By InfoLawGroup LLP on January 21, 2010
ADCR, BJ, BJ Wholesale Club, Breach, card, Club, damages, doctrine, economic, economic loss doctrine, fraud, Hannaford, litigation, loss, Massachusetts, mastercard, negligence, payment, payment card, PCI DSS, PCI DSS litigation, retailers, TJX, unfair practices, unfair practices Massachusetts visa mastercard ADCR, visa, Wholesale
Massachusetts's Highest Court Delivers BJ Wholesalers (and other Retailers) a Data Breach Liability Gift
By InfoLawGroup LLP on December 23, 2009
payment card, payment card security breach litigation, PCI DSS, PCI DSS heartland, security breach litigation
Quickhits: AMEX settles with Heartland Payment Systems for $3.6 Million
By InfoLawGroup LLP on December 22, 2009
litigation, payment, payment card, PCI DSS, PCI DSS Radiant Systems, Radiant, Savvis, security breach litigation, security breach litigation service provider, service provider, Systems
The Merchants Strike Back?
By InfoLawGroup LLP on December 03, 2009
Mastercard Changes to their PCI Compliance Rules
By InfoLawGroup LLP on July 27, 2009
Nevada's Security of Personal Information Law Post Four: Encryption and PCI Compliance Requirements
By InfoLawGroup LLP on July 23, 2009
Merrick Bank v. Savvis: Merrick Files its Response to Savvis' Motion to Dismiss
By InfoLawGroup LLP on July 23, 2009
credit cards
FAQ on Nevada's Security of Personal Information Law (NRS 603A)
By InfoLawGroup LLP on July 21, 2009
Breach, consumer fraud, information security law
TJX Settles with State Attorneys General for $9.75 Million
By InfoLawGroup LLP on July 03, 2009
Breach, negligence, Security
Merrick Bank v. Savvis Update: Savvis Files Motion to Dismiss
By InfoLawGroup LLP on June 23, 2009
information security law, Legislation, negligence
Nevada Law Incorporates PCI and Provides a Liability Safe Harbor
By InfoLawGroup LLP on June 22, 2009
Breach, credit cards, negligence, Security
PCI Service Provider Contracting
By InfoLawGroup LLP on June 11, 2009
Breach, credit cards, negligence, Security
Merrick Bank v. Savvis: Analysis of the Merrick Bank Complaint
By InfoLawGroup LLP on June 03, 2009
consumer fraud
Hannaford's Motion to Dismiss: Victory for Merchants (Part 2)
By InfoLawGroup LLP on May 28, 2009
