In a report released on September 28, 2011, Verizon concluded that only 21 percent of organizations subject to the payment card industry’s data security standards (PCI-DSS) were fully compliant with PCI-DSS. Verizon’s prior report found that 22 percent of organizations were fully compliant with PCI-DSS. The PCI-DSS consist of 12 requirements relating to
September 2011
The Office of Financial Research and Legal Entity Identifiers
As covered in our earlier blog post, the Dodd-Frank Wall Street Reform and Consumer Protection Act establishes the Office of Financial Research (OFR) to collect and analyze U.S. financial data for financial regulators. The OFR is tasked with, among other responsibilities, supporting the Financial Stability Oversight Council’s oversight of systemic risk, developing tools for…
Reps. Terry and Lee Introduce TCPA Reform Measure
Reps. Lee Terry (R-NE) and Ed Towns (D-NY) have introduced the Mobile Informational Call Act of 2011 (H.R. 3035). H.R. 3035 would amend the Telephone Consumer Protection Act — which is administered and enforced by the Federal Communications Commission but also authorizes private rights of action — to clarify the scope of limitations…
PCI Point-to-Point Encryption Standards May Simplify Compliance
Earlier this month, the Payment Card Industry Council (“PCI”) unveiled the first set of point-to-point encryption (“P2PE”) standards designed for providers of P2PE hardware-based encryption and decryption solutions. P2PE providers develop point-of-sale hardware for merchants, such as payment card readers and electronic cash registers, that completely encrypt payment card data from the point the card…
Senator Schumer Calls on FTC to Investigate OnStar’s Privacy Practices
Today, Senator Charles Schumer (D-NY) sent letters to Federal Trade Commission chairman Jon Leibowitz and OnStar executive director Linda Marshall regarding recent controversial changes to OnStar’s privacy policies. OnStar provides in-vehicle GPS navigation, emergency response, and concierge services for millions of U.S.-manufactured vehicles. In providing these services, OnStar collects data regarding customers’ location, speed, driving…
Senate Judiciary Committee Passes Breach Notices Bills
Yesterday, the Senate Judiciary Committee approved legislation introduced by Committee Chairman Patrick Leahy (D-VT) (S. 1151) that would require firms to develop comprehensive data security programs and would impose a federal breach notice obligation on firms. The same day, the Committee also approved amended versions of breach notification measures introduced by Sen. Dianne…
In re iPhone Application Litigation Dismissed
Yesterday, Judge Lucy Koh of the U.S. District Court for the Northern District of California granted defendants’ motions to dismiss the consolidated, amended complaint in In re iPhone Application Litigation for lack of Article III standing, with leave to amend. In finding lack of standing, the Court stated that plaintiffs’ allegations were “clearly insufficient” as…
FTC To Hold Facial Recognition Technology Workshop
The Federal Trade Commission announced this week that it will host a workshop to explore potential privacy and security implications raised by the increasing use of facial recognition technology. The discussion will take place on December 8, 2011 in Washington, DC.
According to the FTC, the workshop, which is free and open to the public,…
House Subcommittee to Examine COPPA Reform
Politico and other news sources are reporting that the House Energy and Commerce Committee’s Subcommittee on Commerce, Manufacturing and Trade plans to hold a hearing on the FTC’s proposed revisions to the Children’s Online Privacy Protection Act rule. We previously analyzed the FTC’s proposal here. The hearing has not yet been formally announced but…
Senate Judiciary Committee Weighs Data Security Legislation
Last Thursday, the Senate Judiciary Committee began its consideration of the several pending data security bills by marking up S. 1151, the legislation introduced by Sen. Patrick Leahy (D-VT). S. 1151 would require business entities to develop a data privacy and security plan for protecting sensitive personally identifiable information, require agencies and business entities to…