Archives: Retail Industry

Subscribe to Retail Industry RSS Feed

Washington State Passes Legislation Governing the Use of Biometric Information

Effective July 23, 2017, Washington will join Illinois and Texas as the third U.S. state to impose statutory restrictions on how businesses collect, use, disclose and retain biometric information. House Bill 1493 applies to entities that “enroll a biometric identifier in a database for a commercial purpose” and includes requirements to provide notice to individuals … Continue Reading

IoT Device Maker Settles Class Claims for $3.75 Million

In one of the first Internet of Things (IoT) class action settlements, the maker of a Bluetooth-enabled personal vibrator agreed to settle privacy class claims for $3.75 million. The We-Vibe product allows a user to connect the product to a smartphone. The user can then control the device from the phone via Bluetooth connection. The … Continue Reading

Unexpected Consumer Data Collection Concerns FTC

The Federal Trade Commission (FTC) has been turning its attention to consumer data collection and use that consumers may not expect, such as tracking of TV viewing by smart TVs, and use of cross-device technologies and techniques to try to associate users and households to multiple devices (e.g., TVs, mobile phones, tablets, computers, and other … Continue Reading

Latest Data Breach Settlement Illustrates Need for Companies to Prioritize Cybersecurity

On Aug. 5, 2016, the New York attorney general, Eric Schneiderman, announced a $100,000 settlement with an e-retailer following an investigation of a data breach that resulted in the potential exposure of more than 25,000 credit card numbers and other personal information. According to the investigation, on Aug. 7, 2014, in an all-too-common scenario, an … Continue Reading

New PCI Guidance Provides Businesses With Security Incident Response Assistance

A security event involving payment card data, especially card present data, can be one of the most costly events a company may face. Not only did a recent study report the average total cost of a data breach as $3.8 million, large payment card incidents such as those that occurred at Target and Home Depot … Continue Reading

2015 BakerHostetler Security Incident Response Report Provides Insight Beyond Technical Incidents

There is no longer a debate – security incidents are inevitable. Organizations are working to be better prepared to respond when the first sign of an incident is detected (often at 4:30 p.m. on a Friday). So what kind of incidents should they prepare for and how should they prepare? Annual reports from forensic investigation … Continue Reading

FCC’s New TCPA Order May Require Companies to Obtain Updated Consents for Marketing Calls and Texts

Last week we published an overview of key issues raised by the Federal Communications Commission’s July 10, 2015, Declaratory Ruling and Order regarding the Telephone Consumer Protection Act (the “July 2015 Order”). The July 2015 Order responded to 21 requests for clarification concerning previous rules and orders the FCC has issued pursuant to the TCPA, … Continue Reading

“Don’t Call Us, We’ll Call You.” The FCC’s Latest TCPA Ruling Imposes Even More Restrictions on Telemarketing Calls and Texts

On July 10, 2015, the Federal Communications Commission released the Omnibus Declaratory Ruling and Order (the Order) it adopted on June 18. The Order addresses requests for clarification regarding requirements under the Telephone Consumer Protection Act (TCPA) and previous rules and orders issued by the Commission. The Order, which took effect immediately upon release, is … Continue Reading

FTC Clarifies Native and Online Ad Obligations

The FTC, in recent staff statements, has sought to clarify advertisers’ and publishers’ obligations regarding native advertising and social media promotions, particularly regarding when and how to clarify to readers that a message is promotional and that the speaker has a material connection to the brand mentioned in the content. Further, the FTC has announced … Continue Reading

2015 BakerHostetler Incident Response Report Deeper Dive—Retailer Liability Arising from Stolen Payment Cards

We released the inaugural BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our attorneys advised on in 2014. Over the next four weeks, we will post several blogs that will provide a more in-depth look at certain findings. In this post, we cover one … Continue Reading

California Attorney General Releases 2014 Data Breach Report and Recommendations, Finding More of the Same.

Editor’s Note: The author thanks Jaysen Borja for his contributions to this post. On October 28, 2014, Attorney General Kamala Harris released the second annual California Data Breach Report.  The report detailed the nature and scope of data breach notifications that her office received in 2013.  Her office has been analyzing notifications of data breaches … Continue Reading

Why Worry About a Little Skimmer?

Merchants—rightfully so—are worried about securing their payment card environments so that their name does not appear in a headline discussing how millions of cards were stolen from them. Faced with the challenge of evaluating the use of P2PE and tokenization, the conversion necessary to prepare for the October 2015 EMV liability shift, reading the tea … Continue Reading

Secret Service Raises Warning About Backoff POS Malware

The Secret Service, which investigates financial crimes, issued a security Alert on July 31, 2014, warning of malware named “Backoff” that was being used to steal payment card data from point-of-sale (POS) systems.  The Alert notes that the attackers often gain initial network access by stealing or brute-forcing the passwords for remote desktop applications (e.g., … Continue Reading
LexBlog