Last month, two New Jersey judges issued opposing decisions in class action lawsuits regarding merchants’ point-of-sale ZIP code collection practices. The conflicting orders leave unanswered the question of whether New Jersey retailers are prohibited from requiring and recording customers’ ZIP codes at the point of sale during credit card transactions.
Continue Reading New Jersey Courts Issue Conflicting Rulings in ZIP Code Collection Cases

On September 12, 2011, the Commissioner for Data Protection and Freedom of Information of the German federal state of North Rhine-Westphalia imposed a fine of €60,000 on Easycash GmbH for unlawfully transferring bank account information.

Continue Reading German State DPA Fines Payment Transaction Provider for Unlawful Transfer of Transaction Data

The UK Information Commissioner’s Office found that Lush Cosmetics Ltd. violated the Data Protection Act 1998 by having insufficient measures to protect customer data on its retail website. The ICO required Lush to process customer payment card data in compliance with the Payment Card Industry Data Security Standard but did not impose a monetary penalty on the company.

Continue Reading Lush Avoids ICO Fine After Website Data Breach

On June 13, 2011, Representative Mary Bono Mack released a discussion draft of the Secure and Fortify Data Act, which would establish federal data security and breach notification requirements.

Continue Reading Representative Mary Bono Mack Releases Discussion Draft of the SAFE Data Act

On April 5, 2011, Lisa Sotto, partner and head of the Privacy and Data Security practice at Hunton & Williams LLP, discussed the Epsilon email breach in an interview with Tracy Kitten of Information Security Media Group. The interview covered issues such as data protection requirements for sensitive consumer data, steps companies should take

On March 28, 2011, Massachusetts Attorney General Martha Coakley announced a settlement with the Briar Group in connection with a 2009 data breach that jeopardized the payment card information of “tens of thousands” of consumers.

Continue Reading Massachusetts Attorney General Reaches $110,000 Data Breach Settlement with Boston Restaurant Group

On January 13, 2011, the China Banking Regulatory Commission issued its first comprehensive provisions relating to the credit card business, including regulations on marketing, managing application materials, and truncating account numbers that appear on credit card statements and receipts.

Continue Reading China Issues New Measures to Protect Credit Card Holders

On February 10, 2011, the California Supreme Court ruled that ZIP codes are “personal identification information” under the state’s Song-Beverly Credit Card Act of 1971, effectively prohibiting California businesses from requesting and recording cardholders’ ZIP codes during credit card transactions.

Continue Reading California Supreme Court Finds that ZIP Codes Are Personal Identification Information Under Song-Beverly Act