![]() ![]() The Attorney General’s letter rejected the FAQ’s stance on the CVV notification requirement entirely, citing the FAQ and responding: “This is not correct. Essentially, the FAQ asserted that a company fallen victim to a data breach has a legal obligation to notify customers only if CVV numbers are stolen alongside account or credit card numbers a card number alone does not trigger those requirements. The AG’s letter was a response to an FAQ provided to client retailers after a company suffered a data breach. Commanding the support of 14 additional state’s AGs offices (including Connecticut, Colorado, Pennsylvania, Virginia, Mississippi, Illinois, North Carolina, Kentucky, Oregon, Iowa, Arkansas, Washington, Maryland, and Minnesota) the letter holds that companies who suffer a data breach still have an obligation to notify consumers under state statutes even when CVV numbers are not exposed. ![]() In a letter published on June 5, 2017, the New York Attorney General's Office (“AG”) signaled a significant change in its interpretation of data breach notification laws that favors increased customer notification. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |