Tsibouris & Associates Home | Practice Areas | Attorneys | Contact | Publications | Clients | Blog Home

Wednesday, April 25, 2007

New England Banks to Sue TJX

The Boston Globe reports that a group of New England banks are planning to sue TJX Cos. over TJX's data breach.

Labels: , , ,


Privacy & Civil Liberties Oversight Board 2007 Report

The Privacy & Civil Liberties Oversight Board recently released its report (PDF) to Congress on the Board's major activities during the preceding year. The Board's conclusions regarding Anti-terrorism policies and programs will probably be scrutinized and discussed:

Based upon its review, the Board has concluded that the Executive Branch’s conduct of these surveillance activities appropriately considers and reasonably protects the privacy and civil liberties of U.S. Persons. As a result of the new FISA Court Orders, the highly regimented Executive Branch process of justification, review, approval, and auditing has been further augmented by court supervision. This provides reasonable assurance that national security and privacy and civil liberties interests are appropriately balanced. The Board found no evidence or reasonable basis to believe that the privacy and civil liberties of U.S. Persons are improperly threatened or impinged under the surveillance conducted by the Executive Branch, either under the TSP or subsequently under the new FISC Orders. In the opinion of the Board, it appears that the officials and personnel who were involved in conducting the TSP, and who now are responsible for implementing surveillance under the FISC Orders, are significantly aware and respectful of U.S. Constitutional and legal rights and protections for U.S. Persons, and they are actively committed to protecting privacy and civil liberties of U.S. Persons in conducting such surveillance.

Hat tip: beSpacific

Labels: , ,


Thursday, April 19, 2007

SEC's new Anti-Money Laundering Source Tool

On April 16, 2007, the Securities and Exchange Commission announced the availability of the "AML Source Tool," a research guide and compliance tool to assist anti-money laundering compliance efforts by broker-dealers.

Broker-dealers have compliance obligations under statutory and regulatory provisions and related rules of the securities self-regulatory organizations (SROs). The AML Source Tool, developed by the SEC's Office of Compliance Inspections and Examinations (OCIE), compiles and organizes key AML laws, rules and related guidance applicable to broker-dealers and provides links to these materials to promote easy accessibility.

Labels: , ,


Tuesday, April 17, 2007

FDIC Supervisory Policy on Identity Theft

On April 11, 2007, the FDIC issued Financial Institution Letters FIL-32-2007, Supervisory Policy on Identity Theft.

Financial institutions have an affirmative and continuing obligation to protect the privacy of customers' nonpublic personal information. Despite generally strong controls and practices by financial institutions, methods for stealing personal data and committing fraud with that data are continuously evolving. The FDIC treats the theft of personal financial information as a significant risk area due to its potential to impact the safety and soundness of an institution, harm consumers, and undermine confidence in the banking system and economy. The FDIC believes that its collaborative efforts with the industry, the public and its fellow regulators will significantly minimize threats to data security and consumers.

Labels: ,


Wednesday, April 11, 2007

Data Breaches and Buyer Behavior

Javelin Strategy & Research has a study for purchase entitled "Data Breaches and Buyer Behavior: Moving PCI Compliance from Costly Burden to Competitive Advantage" (link is to the free preview).

Hat tip to Payments News which states:

The study concludes that "77% of consumers intend to stop shopping at merchants that suffer from data breaches. Retailers and merchants are viewed by 63% of consumers as the least secure when protecting consumer’s data, compared with processors (16%), card networks like Visa or MasterCard (5%) and issuers (5%). When little is known about a data breach, half of all consumers automatically consider the merchants where they shop to be at fault. However, 85% will reward merchants who are perceived as security leaders with increased purchases."

Labels: ,


TJX Companies 10K on Computer Intrusions

This InternetNews story says that TJX Companies, Inc. revealed to the SEC that as many as 47.5 million customer records were stolen during TJX's highly publicized computer intrusion. For those interested, here's TJX's 10-K filing. Pages 7-10 are devoted to a discussion of the computer intrusion and pages 18-21 detail the 19 legal proceedings related to the computer intrusion. Page 21 also details the various government investigations in regards to the computer intrusion.

Obviously, the security breach will not be cheap for TJX.

Recent News Stories:

Labels: , ,