Computerworld

Bracing for the New Privacy Laws

Robert L. Mitchell
 


June 30, 2003 (Computerworld) -- One would think that, some eight years into the Internet age, enlightened self-interest would have motivated financial services and e-commerce vendors to put a higher value on maintaining the integrity of customer data. But companies' seeming inability to follow a consistent and reliable security model for the use of customer data, and the secretive approach taken to handling credit card security breaches, have helped create a consumer backlash - and a torrent of state and federal legislation.


The latest regulatory salvo, California Senate Bill 1386 (SB 1386), becomes law July 1, and more regulations are coming. The law requires companies to disclose any compromise of customer data to every affected consumer residing in California within 48 hours. And if you don't have up-to-date contact information for those consumers, you must post a notification on your Web site—the e-commerce equivalent of a scarlet letter.


Financial services companies worry that the negative publicity associated with disclosing data compromises could wreak havoc with consumer confidence in both e-commerce and the financial services industry. Consumer fears have been fueled by a string of high-profile data losses, including the compromise of some 8 million credit card numbers at card processor Data Processors International Inc. (DPI) last February. Most of the affected card associations' member banks didn't notify affected customers, despite the possibility that those numbers could be used in conjunction with so-called skip-trace database services online to gain enough information for identity theft.


E-commerce vendors, left in the dark about which card numbers were affected, had to make doubly sure they were checking card verification codes to protect themselves against chargebacks. Fear of negative publicity has kept the issue under wraps. Fear of legal penalties and lawsuits under new laws will now push the issue to the forefront as never before.


In the case of credit card number theft, card associations do provide security guidelines to merchants and banks, but not all organizations abide by them, says Julie Fergerson, chairman of the Merchant Risk Council in New York. "If DPI had done the [MasterCard] Site Data Protection program ... the break-in never would have occurred," she says. Now legislatures have stepped in to enforce change.


That leaves IT professionals to struggle with the intricacies of SB 1386 and similar federal legislation, called the Database Security Breach Notification Act, that Sen. Dianne Feinstein (D-Calif.) introduced last week. Bills pending in the Senate include the Social Security Number Misuse Prevention Act and the Privacy Act, which prohibit the display, sale or purchase of Social Security numbers and other personally identifiable information without the consumer's permission. Another bill, the Identity Theft Prevention Act, would prohibit the printing of full credit card numbers on receipts.
