Merchants who accept credit cards have a duty to protect customer information, not only by law (see, e.g., 201 CMR 17.00), but also because the credit card companies tell them so. The Payment Card Industry Security Standards Council was created by Visa, MasterCard and American Express to tell merchants precisely what they are supposed to do to protect consumers. Merchants must follow the Payment Card Industry Data Security Standard (PCI DSS) or risk fines or losing the ability to process credit cards. … More
Tag Archives: PCI DSS
At most restaurants, when the time comes to pay the check, you hand over your credit card and a waiter you’ve known for only about an hour takes off with your credit card. You trust that the waiter will only charge your meal and won’t make off with your card number. But if you ever have been to a Legal Sea Foods restaurant, you will notice that the waiter brings a handheld electronic device to your table to swipe your credit card when you are ready to pay the bill. … More
Does Briar Group’s Massachusetts Settlement Create a New Legal Standard That Businesses Must Meet to Protect Personal Information?
A recent settlement in a data breach case exemplifies how the government can go beyond a statutory scheme and use private industry standards to protect personal information and impose sanctions on violators.
The Massachusetts AG filed suit against the Briar Group, the owner of a number of bars in the Boston area (including two of my personal favorites, the Harp and Ned Devine’s) in the wake of a 2009 data breach involving credit card numbers and other personal data. … More