PRIVACY & DATA SECURITY LAW JOURNAL
VOLUME 2, NUMBER 5, APRIL 2007

HEADNOTE: RFID (Steven A. Meyerowitz)
THIS AD BROUGHT TO YOU BY RFID: THE RFID DEBATE JUST GOT MORE COMPLEX PART ONE: THE TECHNOLOGY AND ITS IMPACT ON INDUSTRY (Catherine Meyer and Erin Fonté)
A CIVIL LITIGATOR’S GUIDE TO THE COMPUTER FRAUD AND ABUSE ACT (Julia J. Rider)
ATTORNEY/CLIENT PRIVILEGE WAIVER REQUESTS: CHARGING CORPORATIONS UNDER THE MCNULTY MEMORANDUM (Kirsten V. Mayer)
ALLEGED VIOLATIONS OF LAWS PROTECTING PRIVACY: WILL GENERAL LIABILITY INSURANCE PAY? (Timothy P. Law and John N. Ellison)
RECENT DECISIONS REGARDING EMPLOYEE EMAIL HIGHLIGHT NEED FOR EFFECTIVE ELECTRONIC COMMUNICATIONS POLICIES (Kristin D. Sostowski)
HOW THE NEW ELECTRONIC DISCOVERY RULES AFFECT YOUR BUSINESS (Mark E. Schmidt and Tiffany L. Wohlfeil)
E-DISCOVERY: THREE MAJOR CHALLENGES FOR EMPLOYERS (Philip L. Gordon and Hillary R. Ross)
REVISED CHILDREN’S TELEVISION RULES NOW EFFECTIVE (Mace J. Rosenstein and Tarah S. Grant)
LIMITING LIABILITY FOR INFORMATION ON CREDIT AND DEBIT CARD RECEIPTS (Robert E. Feyder, Paul W. Sweeney, Jr., and Melanie Hibbs Brody)
CALIFORNIA SUPREME COURT CONSTRUES SECTION 230 (Jennifer L. Peterson)
CIVIL UNIONS PROTECTED AND DISCRIMINATION BARRED IN NEW JERSEY (David I. Rosen and Steven J. Friedman)
RECENT DEVELOPMENTS IN EU EMPLOYEE DATA PRIVACY LAW (Sebastien Ducamp, Cheryl Tama Oblander, and Heather Benno)
CURRENT DEVELOPMENTS: PUT TO THE TEST: E-MAILS, DISCOVERY, AND THE CONTINUING SAGA OF MORGAN STANLEY (Christopher J. Volkmer)

EDITOR-IN-CHIEF
Steven A. Meyerowitz, President, Meyerowitz Communications Inc.

MANAGING EDITOR
Adam McNally

BOARD OF EDITORS
Michael P. Carlson, Faegre & Benson LLP
Michael Cohen, Wolf Block Schorr & Solis-Cohen
V. Gerard Comizio, Thacher Proffit Wood, LLP
Michael A. Gold, Jeffer Mangels Butler & Marmaro LLP
Andrew J. Graziani, Hogan & Hartson L.L.P.
Benjamin S. Hayes, Accenture
Gary A. Kibel, Davis & Gilbert LLP
Satish M. Kini, Goodwin Procter LLP
Sharon R. Klein, Pepper Hamilton LLP
Rodney D. Martin, Warner Norcross & Judd LLP
Catherine D. Meyer, Pillsbury Winthrop Shaw Pittman LLP
Adam C. Nelson, IBM Security & Privacy Services
Jeffrey D. Neuburger, Brown Raysman Millstein Felder & Steiner LLP
Scott M. Pearson, Stroock & Stroock & Lavan LLP
Kenneth Rashbaum, Sedgwick, Detert, Moran & Arnold LLP
William M. Savino, Rivkin Radler LLP
Gregory P. Silberman, Kaye Scholer LLP
Thomas J. Smedinghoff, Wildman, Harrold, Allen & Dixon LLP

COLUMNISTS
IDENTITY THEFT AND CONSUMER PROTECTION: Peter Katz, Day, Berry & Howard LLP
NEW DEVELOPMENTS: Christopher J. Volkmer, Winstead P.C.
STRATEGIC PLANNING: Adam Petravicius, Jenner & Block LLP
THE STRATEGIC FRONT: Martin Abrams, Hunton & Williams LLP
TRADE SECRETS: Jeffrey W. Post, Fredrikson & Byron P.A.
Christopher Wolf, Proskauer Rose LLP

The PRIVACY & DATA SECURITY LAW JOURNAL is published monthly by Sheshunoff Information Services Inc., 1725 K St., N.W., Suite 700, Washington, D.C. 20006, Copyright © 2007 ALEXeSOLUTIONS, INC. All rights reserved. No part of this journal may be reproduced in any form—by microfilm, xerography, or otherwise—or incorporated into any information retrieval system without the written permission of the copyright owner. For permission to photocopy or use material electronically from the Privacy & Data Security Law Journal, please access www.copyright.com or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For subscription information and customer service, call 1-800-572-2797. Direct any editorial inquiries and send any material for publication to Steven A. Meyerowitz, Editor-in-Chief, Meyerowitz Communications Inc., 10 Crinkle Court, Northport, NY 11768, SMeyerow@optonline.net, 631-261-9476 (phone), 631-261-3847 (fax).
Material for publication is welcomed—articles, decisions, or other items of interest to bankers, officers of financial institutions, and their attorneys. Although the utmost care will be given material submitted, we cannot accept responsibility for unsolicited manuscripts. Unless specifically noted, no statement in this Journal should be attributed to a specific editor, an editor’s firm or company, or the board of editors as a whole.

POSTMASTER: Send address changes to the Privacy & Data Security Law Journal, Sheshunoff Information Services Inc., 1725 K St., N.W., Suite 700, Washington, D.C. 20006.

Limiting Liability for Information on Credit and Debit Card Receipts

ROBERT E. FEYDER, PAUL W. SWEENEY, JR., AND MELANIE HIBBS BRODY

As the authors explain, federal law prohibits certain information from being printed on electronically generated credit and debit card receipts; they also discuss how businesses can limit their liability risks.

On December 4, 2003, Congress passed the Fair and Accurate Credit Transactions Act of 2003 (“FACTA”),[1] which amended the Fair Credit Reporting Act (“FCRA”). The stated purpose of FACTA was “To amend the Fair Credit Reporting Act, to prevent identity theft, improve resolution of consumer disputes, improve the accuracy of consumer records, make improvements in the use of, and consumer access to, credit information, and for other purposes.”[2] In particular, FACTA amended Section 605 of the FCRA[3] by adding a subsection entitled “Truncation of Credit Card and Debit Card Account Numbers.”[4] Section 1681c(g) prohibits all persons and entities that accept credit cards and debit cards for business transactions from printing “more than the last 5 digits of the card number or the expiration date upon any receipt provided to the cardholder at the point of sale or transaction.” (the “Truncation Requirements”).[5]

The authors, attorneys with K&L Gates, can be reached at robert.feyder@klgates.com, paul.sweeney@klgates.com, and melanie.brody@klgates.com, respectively.

ELECTRONICALLY PRINTED RECEIPTS

The Truncation Requirements apply only to electronically printed receipts and not to transactions where the credit card or debit card account number is solely recorded by handwriting or by an imprint or copy of the card.[6] Section 1681c(g) became effective on December 4, 2004 as to cash registers or other machines or devices that electronically print receipts for credit card or debit card transactions (“Electronic Printing Machines”) that were first put into use on or after January 1, 2005. For Electronic Printing Machines that were in use prior to January 1, 2005, Section 1681c(g) became effective on December 4, 2006.

DAMAGES

For each act of willful noncompliance with the Truncation Requirements, credit card and debit card users may recover, upon proof of loss, actual damages (e.g., loss incurred by the cardholder as a result of identity theft) sustained as a result of the willful noncompliance or, without proof of loss, damages of not less than $100 and not more than $1,000.[7] In addition, punitive damages and attorneys’ fees may be recoverable.[8]

The federal circuit courts of appeal are currently split on the standard for “willfulness” under the FCRA. In Reynolds v. Hartford Fin. Servs. Group, Inc.,[9] the Ninth Circuit held that a defendant may be found liable for “willfully” violating the FCRA upon a finding of reckless disregard for the FCRA’s requirements, absent a finding that the defendant knew its conduct violated the FCRA. This holding is consistent with Third Circuit case law, which also allows the award of punitive damages against a defendant under the FCRA if the defendant “either knowing[ly]” adopted a policy “in contravention of the rights possessed by consumers pursuant to the FCRA or in reckless disregard of whether the policy contravened those rights.”[10]

In contrast, the Seventh Circuit has held that “willfulness” requires actual knowledge on the part of the defendant that the conduct violated FCRA.[11] Other circuits have a similar “actual knowledge” standard.[12] As a result of this circuit conflict, the United States Supreme Court has granted a petition for certiorari in two cases involving this issue. Oral argument was heard on January 16, 2007. It is likely that this circuit conflict will be resolved in the early summer of 2007.

For each act of negligent noncompliance with the Truncation Requirements, credit card and debit card users may only recover, upon proof of loss, actual damages sustained as a result of the negligent noncompliance and reasonable attorneys’ fees.[13]

STATE STATUTES

A number of states, including California, have enacted statutes containing similar Truncation Requirements. For example, California Civil Code Section 1747.09 prohibits any person or entity that accepts credit or debit cards for business transactions from printing more than the last five digits of the credit or debit card number or the expiration date on the receipt provided to the cardholder. Like its FACTA counterpart, Section 1747.09 does not apply to the recordation of credit card or debit card numbers by handwriting or by imprint.[14] Visa and MasterCard, moreover, also have their own Truncation Requirements and penalties.

Businesses that fail to comply with federal and state Truncation Requirements risk enforcement actions by federal and state agencies, including the Federal Trade Commission and states’ attorneys general, as well as individual and class action lawsuits brought by cardholders. Indeed, a number of such class action lawsuits were filed in federal courts soon after December 4, 2006, the date FACTA became effective as to Electronic Printing Machines in use prior to January 1, 2005. As a defendant in a class action lawsuit, a noncompliant business could face potential exposure in the multi-million dollar range, depending on the size of the class and the nature of the violations (e.g., whether the noncompliance was willful or negligent). In addition, Visa and MasterCard may assess penalties on noncompliant businesses and terminate their ability to accept and process credit cards.

NOTES

1. 15 U.S.C. § 1601 et seq.
2. See Preamble to Public Law 108-159 (December 4, 2003).
3. 15 U.S.C. § 1681c.
4. 15 U.S.C. § 1681c(g).
5. 15 U.S.C. § 1681c(g)(1).
6. Id. at § 1681c(g)(1).
7. 11 U.S.C. § 1681n(a)(1).
8. 11 U.S.C. § 1681n(b)(2)-(3).
9. 435 F.3d 1081, 1099 (9th Cir. 2006).
10. See Cushman v. Trans Union Corp., 115 F.3d 220, 227 (3d Cir. 1997).
11. See Ruffin-Thompkins v. Experian Info. Sys., Inc., 422 F.3d 603, 610 (7th Cir. 2005); Wantz v. Experian Info. Solutions, Inc., 386 F.3d 829, 834 (7th Cir. 2004).
12. See, e.g., Phillips v. Grendahl, 312 F.3d 357, 370 (8th Cir. 2002); Dalton v. Capital Associated Indus., Inc., 257 F.3d 409, 418 (4th Cir. 2001); Cousin v. Trans Union Corp., 246 F.3d 359, 372 (5th Cir. 2001); Duncan v. Handmaker, 149 F.3d 424, 429 (6th Cir. 1998).
13. 11 U.S.C. § 1681o(a)(1)-(2).
14. Note that subject to certain exceptions, FCRA Section 625 preempts state laws “with respect to any subject matter regulated under” FCRA Section 605. Because FCRA Section 605 contains credit and debit card truncation requirements, state laws containing similar requirements are in many cases preempted.