Secure Payments, PCI DSS, Regulatory Compliance Blog

Archive for the ‘Legislation’ Category

Nevada Mandates PCI DSS

Monday, June 22nd, 2009 Posted in Compliance, Encryption, Government, Legislation, PCI DSS | No Comments »

As we've been expecting for some time, states are beginning to take action with respect to mandating PCI DSS. The trend began with Minnesota's Plastic Card Security Act, which prohibited the storage of sensitive authentication data. While not ...

PCI vs The Law

Friday, September 26th, 2008 Posted in Europe, Legislation | No Comments »

Since the emergence of the PCI DSS there have been many questions regarding how requirements should be addressed with respect to state, national, or local laws. For example, in several European countries it may be illegal for you to (1) ...

Society of Payment Security Professionals Offers Video

Tuesday, September 23rd, 2008 Posted in Compliance, Legislation, PCI DSS, SPSP, Society of Payment Security Professionals | No Comments »

The Society of Payment Security Professionals (SPSP) has updated the website to include streaming video. Members can watch short videos related to relevant topics such as Cardholder Data, FACTA, PCI DSS Requirements, PCI Scoping, and Risk. Speakers include ...

Does PCI legislation reduce data compromises?

Wednesday, November 7th, 2007 Posted in Legislation | No Comments »

I've been thinking about the question of whether PCI legislation, such as the Minnesota law, helps reduce data compromises. Michael Santarcangelo and Patrick Romero wrote an article on this legislation, but this only explores the potential impact. I highly recommend ...

Details behind state PCI legislation

Thursday, November 1st, 2007 Posted in Legislation | No Comments »

Security Catalyst has a nice article that discusses the Minnesota PCI legislation with a perspective on the courts, businesses, and potential impacts. This is all happening outside the realm of the industry PCI compliance requirements and will act as yet another ...

Concerned consumers push for credit card data security law in California

Saturday, October 13th, 2007 Posted in Government, Legislation | 1 Comment »

The backlash started slow with a law in Minnesota and Texas (almost and maybe still) and continues with the presumed passage of California AB 779. This is legislation that would address data security breach notification, require card replacement, and ...

Week in review

Thursday, September 27th, 2007 Posted in Legislation, Payment Applications | 3 Comments »

I like to hear comments like those from Mike Rothman about PCI: So what's the bottom line? Basically, there is nothing required in the PCI DSS that is overly onerous. Any organization that has been taking security seriously for the past ...

Nessus audit files and UK petitions to make PCI law

Wednesday, July 11th, 2007 Posted in Compliance, Europe, Government, Legislation | 6 Comments »

The week has been quiet as people work vigorously on their PCI compliance projects. Here are some things that might help you along. Tenable Network Security, the company that brought you Nessus, has "produced two Nessus PCI configuration .audit files for ...

PCI Law

Friday, June 8th, 2007 Posted in Legislation | 3 Comments »

I was at the ERI eXchange conference in Boston and met some interesting people; one of them was Benita Kahn, partner at Vorys, Sater, Seymour and Pease LLP. Benita is legal counsel for a major bank and has (probably) been ...

California data handling laws

Friday, June 8th, 2007 Posted in Compliance, Government, Legislation | 1 Comment »

Well, the LogBlog beat us to it, in posting about California's laws on data handling. I read through the bill they link to and it's all about storage and disclosure. From the bill: The bill would also prohibit a ...