Another call for a nationwide breach-notification law
At last count, 47 states and the District of Columbia have laws on the books regarding how and when companies have to notify consumers when their data has been stolen. California recently updated its breach-notification statute, as Brian R. Blackman explains in a November 4, 2014, article on The National Law Review site.
(Image source: Data Driven Security)
The new version of California's law requires organizations that are the source of the breach to offer free identity-theft and other mitigation services for 12 months to the people affected by the breach. However, as Blackman points out, there is uncertainty about the circumstances under which such an offer must be extended to affected consumers.
On November 6, 2014, a coalition of service and retail industry associations sent a letter to the leaders of the U.S. Congress calling for a single federal regulation setting the standard for data-breach notification requirements nationwide. Francine Friedman and Matthew Thomas write in a November 7, 2014, article on JD Supra Business Advisor that the coalition's letter presents retailers and service providers as victims and points the finger at the failure of the payment cards.
The U.S. trails Europe in the use of "chip-and-pin" technologies to secure credit-card payments. On October 17, 2014, the White House issued an Executive Order requiring in part that as of January 1, 2015, all new payment processing terminals must support chip-and-pin and other "enhanced security features."
Considering the speed of government, we can't expect any federal breach-notification standards or widespread use of chip-and-pin-enabled credit cards until well into 2015 -- if not later. Until then, anticipate that data breaches will continue to grow in the number and size of attacks, the number of companies and consumers affected, and the amount of damage inflicted.
This holiday shopping season, park your debit card, mind those credit-card digits, keep a close watch on your financial statements, and buy with cash when you can.