Tag Archives: PCI DSS

Wyndham Settles FTC Charges in FTC v. Wyndham

On December 9, 2015, the FTC announced that Wyndham Worldwide Corporation settled charges brought by the FTC stemming from allegations that the company unfairly failed to maintain reasonable data security practices.… Continue Reading

PCI Security Standards Council Releases Enhanced Validation Requirements for Designated Entities as PCI DSS Version 3.0 Set to Retire

The PCI Security Standards Council recently published a set of enhanced validation procedures designed to provide greater assurance that certain entities are maintaining compliance with the PCI Data Security Standard effectively and on a continuing basis. In addition, on July 1, 2015, PCI Data Security Standard Version 3.0 is being retired and the controls previously designated by Version 3.0 as best practices will become mandatory.… Continue Reading

Lush Avoids ICO Fine After Website Data Breach

The UK Information Commissioner's Office found that Lush Cosmetics Ltd. violated the Data Protection Act 1998 by having insufficient measures to protect customer data on its retail website. The ICO required Lush to process customer payment card data in compliance with the Payment Card Industry Data Security Standard but did not impose a monetary penalty on the company. … Continue Reading

Nevada Updates Encryption Law and Mandates PCI DSS Compliance

As of January 1, 2010, Nevada law will require businesses to use encryption when data storage devices that contain personal information are moved beyond the physical or logical controls of the business, in addition to continuing to require that personal information be encrypted if it is transferred outside the secure system of the business. The … Continue Reading

Liability for Data Security Auditors

A lawsuit that will soon commence in Arizona has the potential to alter the data breach liability landscape by making data security auditors liable for data breaches experienced by the companies they audit.  The case, Merrick Bank Corp. v. Savvis Inc., has its origins in events that began in 2003, when Merrick Bank (“Merrick”) offered … Continue Reading
LexBlog