BreachExchange mailing list archives
Washington Governor Signs Payment Card Data Breach Liability Provisions Into Law
From: "Sasha Romanosky" <sromanos () andrew cmu edu>
Date: Fri, 16 Apr 2010 18:00:55 -0400
This represents a set of new (and different) breach laws that, from what I can tell, have a much better chance of impacting firms. We see over and over how plaintiffs just aren't able to prove the necessary conditions for a negligence action. However, for these laws, both the causality and "actual harm" are clear. i.e., but-for the breach, the bank would not have to incur the cost of replacing the (physical) payment cards. Bellwether or Bust? Washington Governor Signs Payment Card Data Breach Liability Provisions Into Law http://privacylaw.proskauer.com/2010/04/articles/financial-privacy/bellwethe r-or-bust-washington-governor-signs-payment-card-data-breach-liability-provi sions-into-law/ Posted on April 13, 2010 by Brendon Tavelli On March 22, 2010, Washington Governor Christine Gregoire signed H.B. 1149 into law, making her state the second behind Minnesota (see our post here) to hold businesses and governmental entities responsible to financial institutions for certain costs arising from payment card information breaches. As of July 1, entities that process more than 6 million credit or debit card transactions annually (referred to in PCI parlance as "level 1" merchants) who fail to reasonably safeguard card information can be required to reimburse financial institutions for the costs related to the re-issuance of cards as well as attorneys fees and costs in the event that a security breach involving payment card information is a proximate result. H.B. 1149 also includes a provision to make vendors of card processing software and equipment liable to financial institutions for these costs to the extent such damages are proximately caused by the vendor's negligence. The amount of such damages, of course, will depend on the particular breach. cheers, sasha _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- Mississippi Passes Data Breach Notification Law lyger (Apr 16)
- Re: [Dataloss] Mississippi Passes Data Breach Notification Law Chris Walsh (Apr 16)
- Washington Governor Signs Payment Card Data Breach Liability Provisions Into Law Sasha Romanosky (Apr 18)
- Re: [Dataloss] Mississippi Passes Data Breach Notification Law Chris Walsh (Apr 16)