News

USA Today Posts Q & A Regarding Heartland Payment Systems Security Breach and Personal Information Data Loss

Posted on Jan 31, 2009

The following Q & A is from USA Today's technology blog:

"Don't expect a letter from Monster or Heartland Payment Systems letting you know they've lost your data. The breaches at Monster.com and Heartland Payment Systems are raising questions about the efficacy of data-loss disclosure laws enacted in at least 45 states.

Back in 2007 we wrote about how the financial services industry lobbied hard to block proposed federal rules requiring organizations to notify individuals whose data they lose, and to permit consumers to freeze their credit histories.

States such as California and Massachusetts have passed laws giving consumers these rights. But the Monster and Heartland capers have brought weaknesses in the legislation to center stage. I asked Lisa Sotto, head of privacy and information management at law firm Hunton & Williams, about this:

Q: Heartland and Monster told me they intend to comply with all state laws. That said, they have not announced plans to notify individual victims. Is that OK?

A: In the state breach notification laws, it is permissible to delay notification if a law enforcement agency determines that notification would impede a criminal investigation. If such a delay is requested by law enforcement, notification must be made after the law enforcement agency determines that notice would not compromise the investigation. I do not know if these companies received a delay request from a law enforcement agency.

...

Q: The only official notices from Heartland and Monster so far has been one-page disclosures posted on a web site. Does that cover them?

A: There are provisions in the state laws allowing for "substitute notice" if the number of individuals required to be notified exceeds a certain number (which differs by state), if the cost will exceed a certain dollar amount (which also differs by state), or if the business seeking to notify does not have sufficient contact information for the affected individuals. If substitute notice is used, the notifying party generally must send an email to the affected individuals if the notifying party has email addresses, post a notice on the web site page of the notifying entity, and notify media.

By Byron Acohido

[For complete article, see here]

The experienced class action attorneys at Franklin Gray & White represent victims of personal information data theft. The full truth behind the Heartland Security Breach will soon be known, as investigations are pending. If you or a love one believe that you may have been affected by the Heartland Payment Systems security breach, please contact the class action and complex litigation attorneys at Franklin Gray and White, or email Matthew L. White (mwhite@franklingrayandwhite.com) for a free consultation.

Franklin Gray & White

The Speed Mansion

505 West Ormsby Avenue

Louisville, Kentucky 40203

Tel: (502) 637-6000

Toll-Free: (800) 637-6033

Fax: (502) 637-1413

email: mwhite@franklingrayandwhite.com

Free Consultation

Begin your case review by filling out the form below or call us toll free at
(800) 634-8767.

Franklin Gray and White
The Speed Mansion
505 West Ormsby Avenue
Louisville, KY 40203
Phone: (502) 210-8942
Fax: (502) 637-1413
Toll Free: (800) 634-8767

Get Directions

Larry B. Franklin