Tag: data protection

1
Connecticut Mandates Identity Theft Services for SSN Data Breaches
2
Circuit Court Declares Bank’s Wire Transfer Security to Be Commercially Unreasonable Under UCC Article 4A

Connecticut Mandates Identity Theft Services for SSN Data Breaches

By: Holly K. Towle

On June 30, 2015, Connecticut’s governor signed into law an amendment to the state’s data-security-breach-notice statute to mandate “appropriate” identity theft prevention services for breaches involving social security numbers. Identity theft mitigation services are also required “if applicable” (e.g., if identify theft actually occurs). The services must be provided at no cost and for at least 12 months. The statute does not explain which identity theft “prevention” or “mitigation” services are mandated or which are “appropriate.”

Read More

Circuit Court Declares Bank’s Wire Transfer Security to Be Commercially Unreasonable Under UCC Article 4A

By: Holly K. Towle

In 2010 we reported on the “Wave of Online Banking Fraud Targeting Businesses” that use online banking relationships to make electronic fund transfers by wire or ACH. The fraudsters use malware such as key-loggers to steal access credentials and then start draining the business’ account. In the U.S., the transfers are governed by Article 4A of the Uniform Commercial Code (“UCC”). Consumer accounts are not impacted by Article 4A: they are eligible for the consumer protections afforded by the federal Electronic Funds Transfer Act and Regulation E, which limit a consumer’s exposure to fraudulent transfers to a maximum of $50 as long as the consumer promptly reports the fraudulent activity. Read More

Copyright © 2019, K&L Gates LLP. All Rights Reserved.