BreachExchange mailing list archives
Should Retailers Have Bank-Level Security for Your Data?
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 30 Jan 2015 18:56:07 -0700
http://blog.credit.com/2015/01/should-banks-and-retailers-have-the-same-data-security-standards-107123/

Seven financial trade associations signed a letter to Congress urging the government to enact federal data breach legislation that would cover not only financial service providers but also all other entities, such as retailers, that store customer financial data. The letter argues that existing laws do not require the same levels of responsibility of entities that hold sensitive consumer information, leaving consumers uncertain of what to expect in the event of data breaches at companies they patronize.

Data breach disclosure laws vary by state, and there have been multiple calls for federal legislation on the matter. Retailers are among those seeking federal laws.

“For a long time, retailers and the National Retail Federation have supported the passage of federal breach notification legislation that would establish a uniform, nationwide standard for notice by any affected company that suffers a breach of personal information,” said Paul Martino, vice president and senior policy counsel for the National Retail Federation.

As for the argument that retailers should be held to a higher standard of data protection, which the letter suggests, Martino said retailers comply with data security measures mandated by the payment card industry.

In an op-ed published Jan. 26 in The Hill, the presidents of the Retail Industry Leaders Association and the NRF said merchants and financial services providers need to work together to better protect consumers. Congress started hearings on federal data breach notification legislation Tuesday.
Without federal legislation dictating the way retailers, financial service providers and any other possessors of sensitive consumer information communicate the details of a data breach, customers can’t reasonably expect to receive timely updates on the status of their information that may have been compromised, proponents of federal legislation argue.

With varying data protection and breach notification legislation by state, consumers are in many ways left to protect themselves. It’s a good idea to check your financial accounts daily for unauthorized transactions, as well as review your credit scores (which you can do for free every month on Credit.com) and credit reports for signs of fraud.