Tag archives: Security

Retailers must upgrade online credit card processing security by June 30

By Susan Ross (US) on June 22, 2018 Posted in Compliance and risk management, Cybercrime

Data Protection Report - Norton Rose Fulbright

By June 30, 2018, retailers accepting digital (online) credit card transactions must cease using encryption protocols known as SSL or TLS 1.0. Retailers must transition to TLS 1.1 or higher (such as the popular TLS 1.2) or else lose the ability to accept credit card payments.… Continue reading

UK NIS Regulations impose new cybersecurity obligations (and a new penalties regime) on operators of essential services and digital service providers in the UK

By Steven Hadwin (UK) on May 10, 2018 Posted in Compliance and risk management, Regulatory response

The UK NIS Regulations (implementing the NIS Directive) come into force in the UK today (10 May 2018). These Regulations have received limited press attention, in part due to the emphasis that has been placed on GDPR implementation. However, the NIS Regulations represent a significant change in the legal environment relating to cybersecurity in the … Continue reading

FTC Orders PCI DSS Compliance Reports

By on March 9, 2016 Posted in Compliance and risk management, Regulatory response

The Federal Trade Commission (FTC) has ordered nine companies to file Special Reports detailing how they assess their clients’ compliance with Payment Card Industry Data Security Standards (PCI DSS). Payment card issuing companies require businesses that process over one million card transactions per year to undergo PCI DSS compliance assessments, or audits, performed by PCI Qualified … Continue reading

Senate passes cybersecurity bill, bringing immunity for sharing cyberthreat data closer to reality

By on November 2, 2015 Posted in Regulatory response

On October 27, 2015, the Cybersecurity Information Sharing Act of 2015 (CISA), passed the Senate, by a 74-21 vote. The bill’s passing by such an overwhelming majority is a crucial step towards the controversial CISA becoming law, with support from some security experts and to the chagrin of other privacy advocates.… Continue reading

U.S. Department of Defense issues interim rule imposing network penetration reporting requirements and addressing cybersecurity of cloud computing services

By on September 3, 2015 Posted in Regulatory response

On August 25, 2015, the Department of Defense (“DoD”) issued interim rule DARS-2015-0039, which amends the Defense Federal Acquisition Regulation Supplement (“DFARS”) to implement a network penetration reporting requirement for contractors. Additionally, this rule implements DoD policy on the purchase of cloud computing services.… Continue reading

Nevada amends data security law to expand definition of “Personal Information”

By on June 16, 2015 Posted in Regulatory response

On May 13, 2015, Governor Brian Sandoval of Nevada signed Assembly Bill No. 179 (“AB 179”) into law. AB 179 amends Nevada Revised Statutes § 603A.040, which defines “Personal Information” for Nevada’s laws on the security of personal information. This amendment will take effect on July 1, 2015.… Continue reading

The Security, Privacy and Legal Implications of the Internet of Things (“IoT”) Part one – The Context and Use of IoT

By on May 19, 2015 Posted in Compliance and risk management, Data breach

Disrupted, yet again. The world is fast preparing for the invasion of objects connected to the Internet, otherwise known as the Internet of Things (“IoT”). IoT is here, and it will revolutionize how both individuals and corporations interact with the world. In this multi-part series we will explore this quickly evolving revolution and the privacy … Continue reading

The “EMV Liability Shift” Is Coming (What Merchants Need to Know)

By Susan Ross (US) on May 18, 2015 Posted in Compliance and risk management, Data breach, Dispute resolution and litigation

Currently, almost half of the world’s credit card fraud happens in the U.S where magnetic stripe technology is the standard. Outside the U.S., an estimated 40% of the world’s cards and 70% of the terminals already use the EMV technology. These countries are reporting significantly lower counterfeit fraud levels with EMV cards than with the … Continue reading

FTC issues new privacy and security report on the internet of things

By on January 27, 2015 Posted in Compliance and risk management

In advance of what will likely be a flood of interconnected devices to soon hit the market, the Federal Trade Commission (“FTC”) today announced the release of a new report on the Internet of Things (the “Report”). Focusing on privacy and security, the FTC makes several suggestions to companies developing Internet of Things devices that are marketed … Continue reading

Sharing Cyber Threat Information: A Legal Perspective (ISSA Journal Article)

By on January 5, 2015 Posted in Data breach

The ISSA Journal recently included an article, Sharing Cyber Threat Information: A Legal Perspective, authored by Utsav Mathur and I (David Navetta) concerning potential legal risks associated with intra-industry sharing of cyber-threat information. The article summarizes recent efforts by the US government to encourage more information sharing concerning cyber threats and data-security incidents within industries. Recent Department of Justice and Federal Trade Commission … Continue reading