Upload
bryan-warner
View
216
Download
2
Embed Size (px)
Citation preview
Latest Developments in PrivacyRobert J. Scott
Managing Partner
Latest Developments in Privacy
© 2007 Scott&Scott, LLP
Latest Developments in Privacy
© 2007 Scott&Scott, LLP
The Business Impact of Data Breach
º May 15, 2007 Surveyº Commissioned by Scott & Scott
LLPº Conducted by Ponemon Instituteº Respondents = 720 companiesº Margin of Error <3%
Latest Developments in Privacy
© 2007 Scott&Scott, LLP
Network Security and Privacy Injury Claims
º FTC Investigationsº State Investigationsº Private Causes of Action º Mitigation Strategies
Latest Developments in Privacy
© 2007 Scott&Scott, LLP
FTC Investigations
º Unfair Practicesº Violations of Fair Credit Reporting Actº Failure to Maintain Adequate Securityº Failure to Protect Financial Dataº Failure to Disclose Security Breachesº Violations of Federal Trade Commission Actº Violations of GLBA
Latest Developments in Privacy
© 2007 Scott&Scott, LLP
Losses Related to FTC Investigations
º State C Superior Mortgage Company Agrees to Refrain from Making Misrepresentations and to Allow FTC Compliance Monitoring for 10 Years.
º DSW, Inc. , Nations Title, and Card Systems Agree to Implement Comprehensive Security Measures and Allow FTC Compliance Monitoring for 20 Years.
º ChoicePoint Agrees to Pay $15 Million and to Allow FTC Compliance Monitoring for 20 Years. onsumer Protection Laws
º Breach Notification Violationsº Violations for Failure to Protect and Properly Destroy
Customer Data
Latest Developments in Privacy
© 2007 Scott&Scott, LLP
State Investigations
º State Consumer Protection Lawsº Breach Notification Violationsº Violations for Failure to Protect and Properly Destroy
Customer Data
Latest Developments in Privacy
© 2007 Scott&Scott, LLP
Losses Related to State Investigations
º Forty-four state Attorneys General settled for $500,000 with ChoicePoint after it sold personal data to identity thieves.
º NY Attorney General settled with Datran Media for $1.1 million after Datran improperly disclosed personal data.
º TX Attorney General entered into an agreed temporary injunction with CNG Financial and several other companies requiring proper destruction of customer records.
Latest Developments in Privacy
© 2007 Scott&Scott, LLP
Private Causes of Action
º Breach of Contract Claimsº Third-Party Beneficiary Claimsº Contractual and Non-Contractual Indemnity Claimsº Tort / Negligence Claimsº Failure to Maintain Adequate Securityº Negligent Retention of Data º Negligent Misrepresentation Regarding Breaches in
Security
Latest Developments in Privacy
© 2007 Scott&Scott, LLP
Private Party Claims Scenarios
º Class action lawsuit against TJX based on failure to comply with the PCI Data Security Standard.
º Class action lawsuit against the Veteran’s Administration for violations of the Privacy Act.
º Class action lawsuit against TJX alleging negligence.
º Class action lawsuits against merchants alleging violations of FACTA.
Latest Developments in Privacy
© 2007 Scott&Scott, LLP
State Data Breach Notification Laws
Latest Developments in Privacy
© 2007 Scott&Scott, LLP
Robert J. Scott
Managing Partner
800-596-6176 (Telephone)800-529-3292 (Facsimile)
Contact Information