Identity Theft / Privacy

In-house counsel faced with a data breach encounter a difficult balancing act. On the one hand, it is critical to determine the cause of the breach and generate a plan to bolster security systems to reduce the likelihood of similar occurrences in the future. On the other hand, these same reports, usually performed by third-party

The Perils of Responding to Cyber-Incidents Just Got More ComplicatedIt’s 8 a.m., and you just learned that a material cyber-incident occurred in your organization. You fire up your Incident Response Plan. You engage outside counsel, and outside counsel engages a forensic firm. Your company, your outside counsel, and your forensic firm all sign an agreement that the forensic firm will work at the direction

FTC Imposes $110 Million Fine Against Payment Facilitator and Its ExecutivesPayment processor/facilitator Allied Wallet, its CEO, and two other corporate officers, recently agreed to settle Federal Trade Commission (FTC) charges that they assisted or knowingly processed fraudulent transactions for merchant-clients. This action indicates that enforcement actions against payment processors are alive and well, despite the FTC’s previously announced end of “Operation Chokepoint,” which, among other

First Federal Legislation Proposed Relating to Protection of BiometricsAmidst privacy concerns and booming technological innovation, Sens. Roy Blunt (R-Mo.) and Brian Schatz (D-Hawaii) have introduced a bill proposed as the “Commercial Facial Recognition Privacy Act of 2019” (CFRPA) targeting arguably the most “personal” biometric identifier—our face. While several states have enacted legislation relating to protection of biometric identifiers, this is the

Potential Bank Customer Data Exposed through Fiserv Platform Flaw

Security researchers and cybersecurity experts recently discovered a weakness in Fiserv’s web platform, which may have exposed the personal and financial details of customers across hundreds of internet banking sites. The flaw involved a messaging platform used by Fiserv to send account alerts to customers of Fiserv-affiliated banks. These alerts can be set up to

In the Wake of Equifax: What Auto Dealers Need to Know About Data PrivacyFollowing the recent Equifax data breach wherein millions of consumers’ private information may have been compromised, it is increasingly clear that consumer-interfacing businesses need to, and in some cases are required to, take steps to protect their consumers’ private information. Although not traditionally considered “financial institutions,” auto dealers that engage in financial activities—those that extend

Foreign No More: Transferring Data on Demand U.S. Companies and GDPR Data PortabilityMuch has been written about the consternation and concern of businesses around the world regarding the European Union’s General Data Protection Regulation (GDPR), which takes effect on May 25, 2018. The GDPR applies to companies operating within the EU that control or process data. Notably, it also applies to companies outside the EU that offer

Commercial Lenders Take Note: Insurance May Not Cover Fraudulent USDA Guarantees for Business & Industry LoansA Wisconsin federal court recently held that forged USDA loan guarantees did not trigger coverage under a bankers blanket bond held by Wisconsin-based Citizens Bank, resulting in a $15 million loss to the bank. Atlantic Specialty Insurance Co. issued the bankers blanket bond to provide coverage for losses stemming from certified securities or corporate, partnership

IRS Releases Guidance on Taxability of Identity Protection ServicesAs companies and governmental entities increasingly do business and store sensitive information in online or cloud-based environments, the risk of improper disclosure continues to grow. The unprecedented breach of the United States Office of Personnel Management’s (OPM) system, in which the personal data of more than 22 million individuals was stolen, was a topic of