I’ve been intrigued lately with PCI DSS compliance. It has all retailers on edge, has multiple vendors drooling, and has spawned new laws and bills, such as in Minnesota and Texas. I’ve had interesting discussions about it with those who process credit card payments, and I’ve been doing some research into the various issues.
Posts Tagged ‘personal privacy’
Retail Locations Have Unique Challenges With PCI DSS Compliance
Friday, July 27th, 2007
PCI DSS and Identity Theft
Monday, July 23rd, 2007
Over the past month or so I’ve been discussing the Payment Card Industry (PCI) Data Security Standards (DSS) with some of my information assurance practitioner friends and colleagues and what they’ve been doing to meet the requirements and accompanying challenges. I was thinking about some of the issues over the weekend.
Privacy Law: Leahy & Specter File Personal Data Privacy Act of 2007 Bill
Thursday, February 8th, 2007
On Tuesday, February 6, U.S. Sen. Patrick Leahy, D-Vt., and Sen. Arlen Specter, R-Pa., filed legislation, the Personal Data Privacy Act of 2007, that would, among other things, require organizations to notify consumers of security breaches as well as mandate the adoption of internal policies to protect personal data. This bill is generally the same as the bill Leahy proposed in 2005 and then again in 2006.
Privacy Breach: Bank in UK Sends Personal Data of 75,000 Customers to 1 Customer Requesting Her Own Statement
Wednesday, February 7th, 2007
The Halifax Bank of Scotland sent the complete account information for 75,000 of their customers to one customer who had requested a copy of her own statement.
HIPAA: Congressional and GAO Reports Say HHS Needs To Make Changes To Protect Patient Privacy
Monday, February 5th, 2007
According to a congressional testimony report posted February 1, “Private Health Records: Privacy Implications of the Federal Government’s Health Information Technology Initiative,” the Department of Health and Human Services (HHS) needs to do more to address privacy and security concerns connected with the new technology.
Here is an excerpt from the testimony statement of Senator Daniel K. Akaka:
PCI DSS and GLBA Compliance & Privacy Breach: Lawsuits Filed Against TJX
Sunday, February 4th, 2007
Let’s look at the events that have occurred with the recent TJX computer hack and resulting privacy breach and identity thefts: