Data Protection Law Compliance

Minnesota made waves in 2007 when it became the first state to make part the Payment Card Industry (“PCI”) Data Security Standard applicable to its Plastic Card Security Act. Although it has taken over two years, Nevada has become the second state to incorporate PCI and it has done so by making all of the PCI standard applicable.
Continue Reading Payment Card Industry Data Security Standard Comes to Nevada

UPDATE: Whether it is because of the economy, or a fear that the Red Flags Rules affects far more retailers than may be understood, the FTC has granted a further delay of enforcement of the Red Flags Rules until August 1, 2009.  Additionally, the FTC will issue a template for lower risk covered entities.  The most recent update can be read here.

This time, nobody can accuse the Federal Trade Commission (“FTC”) and other agencies of implementing new requirements that sneak up on us. These particular regulations (the “Red Flags Rules”), which require that financial institutions and creditors develop and implement written identity theft prevention programs, were issued by the FTC, the federal bank regulatory agencies and the National Credit Union Administration ("NCUA"), as part of the Fair and Accurate Credit Transactions (FACT) Act of 2003 go into effect on August 1, 2009. Originally, the Red Flag Rules would have taken effect on November 1, 2008, which was then extended to May 1, 2009.

The Red Flags Rules require that a program be put in place by financial institutions and creditors that provides for the identification, detection, and response to patterns, practices, or specific activities – known as “red flags.” The purpose of the Red Flags Rules is to help avoid identity theft.

Continue Reading Red Flags Rules Further Delayed, Now Go Into Effect August 1, 2009