Showing 6 posts by Stephen E. Embry.
Tennessee has recently enacted some potentially far reaching changes to its data breach notification statutes. These changes could pose substantial burdens on businesses and professional organizations that do business in Tennessee and maintain personal information of Tennessee residents. Effective July 1, 2016, the Tennessee definition of what constitutes a “breach of the security of the system” that triggers notice includes not only the loss of unencrypted data but encrypted data as well (if that data includes personally identifiable information of Tennesseans). Tennessee is the first state in the country to eliminate a safe harbor from data breach notice obligations where the breach involves encrypted data. Read More ›
Should state Attorney General’s (AG’s) intrude in the private market place to influence the choice consumers and merchants’ make as to the type of payments they will prefer for credit card transactions? By any account, those are complicated business decisions involving complex cost, risk, marketing, technology and personal preference issues, which are often unique to each business’s situation. But nonetheless, this is exactly what nine Attorneys General recently did. Read More ›
In a short but very sweet ruling for the financial institutions suing Target to recover costs associated with mitigating the gigantic data breach suffered by Target in late 2013, Judge Magnuson certified the financial institutions class on Tuesday September 15.
The litigation of which we have previously written on a couple of occasions (see At Risk: Community Banks and the Recovery of Losses Due to Merchant Data Breach and Opening the Rule 23 Floodgates: Did Plaintiffs just hit the Data Breach Bulls-Eye?) stems from a data breach that impacted more than 100 million customers and cost the financial institutions over 30 million in losses primarily due to the reissuance of some 25,000 debit and credit cards. Read More ›
On July 10, 2015, the Federal Communication Commission (FCC) came out with new rules interpreting the Telephone Consumer Protective Act (TCPA). Read More ›
Regional and community Banks often serve as Issuer Banks by providing credit and debit cards to their customers. They also can often face losses because of downstream merchant data breaches that expose the credit and debit cards to misuse. The well known data breach of Target in late 2013 and Home Depo in 2014 are but two very public examples. Read More ›
Developments in the Rules Governing Personal Identifiable Information May Have Unexpected Consequences for Lenders And Other Businesses.
Much has been written of late about data breaches and the liabilities for the unauthorized acquisition of Personally Identifiable Information (PII) from institutions, including financial institutions. But what about when the alleged “breach”--the release of information --is voluntarily and/or legally compelled? What are the risks for creditors who take collateral, in security for the repayment of debt, containing PII data? What are the risks to businesses when they transfer assets that include PII? What liabilities do they face? What are the rights of customers? Read More ›
Ask the Blogger
Do you have a topic that you would like discussed in a future blog article? Please let us know. If you have a confidential question regarding a blog article, please feel free to contact the article's author directly, or let us know if you would like for someone to contact you directly.
Courtney Rogers Perrin practices in the Nashville office as a member of the Firm’s Electronic Payments and Blockchain practice groups. She assists clients with regulatory compliance, contract negotiations, acquisitions and fund formation relating to credit card processing and fintech enterprises, including smart contracts and virtual currency matters.