BreachExchange mailing list archives
Obtaining PCI Co sanction info through legal discovery
From: "B.K. DeLong" <bkdelong () pobox com>
Date: Thu, 27 Sep 2007 14:44:17 -0400
Hi all -

Many of us have been challenged in obtaining information from the PCI Consortium about which companies have been fined, how much and who among them have lost their processing privileges. I know it's happening because I have spoken to folks in-the-know who tell me it's happening but are under NDA.

Such information would help to combat the notion that the PCI DSS has no teeth as well as assist those of us responsible for addressing PCI DSS within our organizations obtain funding to do so by providing metrics on its impact to management.

I've spoken with a few lawyers and asked if information about said sanctions could be obtained through discovery during legal proceedings. Here's the gist of the response - which may already be a no-brainer to many of you.

"Certainly anything that the PCI Consortium would have communicated or delivered to the company in violation of the DSS would be discoverable. In some situations one can obtain fine letters from the bank for litigation purposes without a subpoena."

Perhaps such insight can be the basis for gathering information about any PCI Co actions regarding the thousands of breaches in the Data Loss Database. Though who would be willing to wade through legal proceedings and contact the lawyers of those suing companies for breach of their client's credit card information?

Thoughts?

--
B.K. DeLong (K3GRN)
bkdelong () pobox com
+1.617.797.8471

http://www.wkdelong.org Son.
http://www.ianetsec.com Work.
http://www.bostonredcross.org Volunteer.
http://www.carolingia.eastkingdom.org Service.
http://bkdelong.livejournal.com Play.

PGP Fingerprint: 38D4 D4D4 5819 8667 DFD5 A62D AF61 15FF 297D 67FE
FOAF: http://foaf.brain-stream.org

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss