Latest Developments in PrivacyRobert J. Scott

Managing Partner

Latest Developments in Privacy

© 2007 Scott&Scott, LLP

Latest Developments in Privacy

© 2007 Scott&Scott, LLP

The Business Impact of Data Breach

º May 15, 2007 Surveyº Commissioned by Scott & Scott

LLPº Conducted by Ponemon Instituteº Respondents = 720 companiesº Margin of Error <3%

Latest Developments in Privacy

© 2007 Scott&Scott, LLP

Network Security and Privacy Injury Claims

º FTC Investigationsº State Investigationsº Private Causes of Action º Mitigation Strategies

Latest Developments in Privacy

© 2007 Scott&Scott, LLP

FTC Investigations

º Unfair Practicesº Violations of Fair Credit Reporting Actº Failure to Maintain Adequate Securityº Failure to Protect Financial Dataº Failure to Disclose Security Breachesº Violations of Federal Trade Commission Actº Violations of GLBA

Latest Developments in Privacy

© 2007 Scott&Scott, LLP

Losses Related to FTC Investigations

º State C Superior Mortgage Company Agrees to Refrain from Making Misrepresentations and to Allow FTC Compliance Monitoring for 10 Years.

º DSW, Inc. , Nations Title, and Card Systems Agree to Implement Comprehensive Security Measures and Allow FTC Compliance Monitoring for 20 Years.

º ChoicePoint Agrees to Pay $15 Million and to Allow FTC Compliance Monitoring for 20 Years. onsumer Protection Laws

º Breach Notification Violationsº Violations for Failure to Protect and Properly Destroy

Customer Data

Latest Developments in Privacy

© 2007 Scott&Scott, LLP

State Investigations

º State Consumer Protection Lawsº Breach Notification Violationsº Violations for Failure to Protect and Properly Destroy

Customer Data

Latest Developments in Privacy

© 2007 Scott&Scott, LLP

Losses Related to State Investigations

º Forty-four state Attorneys General settled for $500,000 with ChoicePoint after it sold personal data to identity thieves.

º NY Attorney General settled with Datran Media for $1.1 million after Datran improperly disclosed personal data.

º TX Attorney General entered into an agreed temporary injunction with CNG Financial and several other companies requiring proper destruction of customer records.

Latest Developments in Privacy

© 2007 Scott&Scott, LLP

Private Causes of Action

º Breach of Contract Claimsº Third-Party Beneficiary Claimsº Contractual and Non-Contractual Indemnity Claimsº Tort / Negligence Claimsº Failure to Maintain Adequate Securityº Negligent Retention of Data º Negligent Misrepresentation Regarding Breaches in

Security

Latest Developments in Privacy

© 2007 Scott&Scott, LLP

Private Party Claims Scenarios

º Class action lawsuit against TJX based on failure to comply with the PCI Data Security Standard.

º Class action lawsuit against the Veteran’s Administration for violations of the Privacy Act.

º Class action lawsuit against TJX alleging negligence.

º Class action lawsuits against merchants alleging violations of FACTA.

Latest Developments in Privacy

© 2007 Scott&Scott, LLP

State Data Breach Notification Laws

Latest Developments in Privacy

© 2007 Scott&Scott, LLP

Robert J. Scott

Managing Partner

rjsott@scottandscottllp.com

800-596-6176 (Telephone)800-529-3292 (Facsimile)

Contact Information