-
Appeals Court Struggles With 'Red Flags Rule'
Posted on November 20th, 2010 No commentsA federal appeals court in Washington wrangled today with the definitions of “credit” and “any person” as it tried to determine whether the Federal Trade Commission overstepped its authority in regulating the legal profession.
Read the original here:
Appeals Court Struggles With 'Red Flags Rule' -
Pre-Paid Legal Services says FTC may sue
Posted on November 20th, 2009 No commentsPre-Paid Legal Services Inc., a network of independent law firms, said Thursday that the Federal Trade Commission may sue the company over allegedly misleading representations made by its identity theft prevention program.
Read the original:
Pre-Paid Legal Services says FTC may sue -
Pci Dss Incident Response: The Legal Perspective
Posted on July 8th, 2009 No commentsThe SANS Institute InfoSec Reading Room recently published an article by Christian J. Moldes entitled PCI DSS and Incident Handling: What is required before, during and after an incident. Moldes’ whitepaper is a good starting point for developing an incident response plan to address payment card security breaches
-
Heartland Data Breach – Legal Update from Attorney Richard Coffman
Posted on June 25th, 2009 No commentsTexas attorney Richard Coffman was the first to file a class action suit against Heartland Payment Systems (HPY) after its data breach was announced publicly this past January. In an exclusive interview, Coffman discusses: The status of legal actions against Heartland; What’s unique about the Heartland case; What consumers and financial institutions can expect to see going forward. After practicing several years as a CPA with two international accounting firms, Coffman received his law degree from the University of Texas in 1989.
More here:
Heartland Data Breach – Legal Update from Attorney Richard Coffman -
PCI Service Provider Contracting
Posted on June 11th, 2009 No commentsAs an attorney focusing on information security and privacy issues, I often get called in to assist companies to understand their legal liability risk around the PCI (self) regulatory system. One of the key areas I get involved in is service provider relationships, and in particular section 12.8 of PCI and service provider contracts. There are many aspects of 12.8 (and its subsections) that are potentially ambiguous and open to interpretation, but this particular article is not going to focus on those
Continue reading here:
PCI Service Provider Contracting
Recent Comments