Payment Card Industry Compliance and Data Breach Laws

As if complying with the Payment Card Industry requirements, including the newly revised Data Security Standard, were not already challenging enough, any entity that stores sensitive personal information must also comply with a myriad of other regulations, such as data breach notification laws. About.com has an excellent section on identity theft and data breach disclosure.

Currently, there is no federal law that directly addresses data breaches, but numerous states have enacted their own legislation. Unfortunately, these laws vary widely, with little consistency on even fundamental points such as the definitions of key terms like breach, personal information, and risk. Furthermore, because these laws protect the residents of each state rather than the businesses located there, an entity that stores personal information about a state’s residents is subject to that state’s law even if the entity has no location in that state. In practice, a single incident affecting customers in many states can trigger many different notification requirements at once.

One of the best sources that I have found for concise information about state data breach laws is the Security Breach page on the VigilantMinds site. They provide an executive summary of state legislation as well as a matrix that compares the key provisions of all of the state laws. In addition, they provide links to the actual legislation of each state. While this is certainly not a substitute for seeking legal advice on the matter, their site can save you, and possibly even your attorney, a lot of time.

Earlier this year, a draft bill was debated by the House of Representatives. The bill, called the Data Accountability and Trust Act (DATA), would, if passed, have preempted all of the existing state data breach laws in favor of a single federal standard. For now, the bill has been tabled. Dr. Heather Mark published an article entitled The Ever Changing Challenge of Compliance that gives an excellent overview of the provisions of this bill.

If your organization stores personal information, I hope that the links above will help you better understand the maze of regulations related to data breaches.