BreachExchange mailing list archives

Should Retailers Have Bank-Level Security for Your Data?


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 30 Jan 2015 18:56:07 -0700

http://blog.credit.com/2015/01/should-banks-and-retailers-have-the-same-data-security-standards-107123/

Seven financial trade associations signed a letter to Congress urging the
government to enact federal data breach legislation that would cover not
only financial service providers but also all other entities, such as
retailers, that store customer financial data.

The letter argues that existing laws do not require the same levels of
responsibility of entities that hold sensitive consumer information,
leaving consumers uncertain of what to expect in the event of data breaches
at companies they patronize. Data breach disclosure laws vary by state, and
there have been multiple calls for federal legislation on the matter.

Retailers are among those seeking federal laws.

“For a long time, retailers and the National Retail Federation have
supported the passage of federal breach notification legislation that would
establish a uniform, nationwide standard for notice by any affected company
that suffers a breach of personal information,” said Paul Martino, vice
president and senior policy counsel for the National Retail Federation.

As for the argument that retailers should be held to a higher standard of
data protection, which the letter suggests, Martino said retailers comply
with data security measures mandated by the payment card industry. In an
op-ed published Jan. 26 in The Hill, the presidents of the Retail Industry
Leaders Association and the NRF said merchants and financial services
providers need to work together to better protect consumers. Congress
started hearings on federal data breach notification legislation Tuesday.

Without federal legislation dictating the way retailers, financial service
providers and any other possessors of sensitive consumer information
communicate the details of a data breach, customers can’t reasonably expect
to receive timely updates on the status of their information that may have
been compromised, proponents of federal legislation argue.

With varying data protection and breach notification legislation by state,
consumers are in many ways left to protect themselves. It’s a good idea to
check your financial accounts daily for unauthorized transactions, as well
as review your credit scores (which you can do for free every month on
Credit.com) and credit reports for signs of fraud.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/