BreachExchange mailing list archives

Washington Governor Signs Payment Card Data Breach Liability Provisions Into Law


From: "Sasha Romanosky" <sromanos () andrew cmu edu>
Date: Fri, 16 Apr 2010 18:00:55 -0400


This represents a set of new (and different) breach laws that, from what I
can tell, have a much better chance of impacting firms. We see over and over
how plaintiffs just aren't able to prove the necessary conditions for a
negligence action. However, for these laws, both the causality and "actual
harm" are clear, i.e., but for the breach, the bank would not have to incur
the cost of replacing the (physical) payment cards.



Bellwether or Bust? Washington Governor Signs Payment Card Data Breach
Liability Provisions Into Law 
http://privacylaw.proskauer.com/2010/04/articles/financial-privacy/bellwether-or-bust-washington-governor-signs-payment-card-data-breach-liability-provisions-into-law/

Posted on April 13, 2010 by Brendon Tavelli 

On March 22, 2010, Washington Governor Christine Gregoire signed H.B. 1149
into law, making her state the second behind Minnesota (see our post here)
to hold businesses and governmental entities responsible to financial
institutions for certain costs arising from payment card information
breaches. As of July 1, entities that process more than 6 million credit or
debit card transactions annually (referred to in PCI parlance as "level 1"
merchants) who fail to reasonably safeguard card information can be required
to reimburse financial institutions for the costs related to the re-issuance
of cards as well as attorneys' fees and costs in the event that a security
breach involving payment card information is a proximate result. H.B. 1149
also includes a provision to make vendors of card processing software and
equipment liable to financial institutions for these costs to the extent
such damages are proximately caused by the vendor's negligence. The amount
of such damages, of course, will depend on the particular breach.


cheers,
sasha

_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
