BreachExchange mailing list archives

How to use existing standards to prevent data breaches


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 11 Sep 2015 14:03:01 -0600

http://thehill.com/blogs/congress-blog/technology/253300-how-to-use-existing-standards-to-prevent-data-breaches

Who’s standing between fraudsters and your most sensitive personal
information? The answer is your financial institution.

With the recent rash of data breaches, including the theft of more than
22.5 million records from the Office of Personnel Management, personal
information is being exposed at an alarming rate. Data breaches frequently
give cybercriminals access to information such as Social Security numbers,
dates of birth, employment history and health data—making Americans more
susceptible to identity theft. Everyone that holds or transfers personal
information must step up to the plate to better protect consumers, and they
can learn a lot from the banking industry.

While the financial services sector cannot stop every fraudulent
transaction, it does set the watermark standard for protecting customer
financial data. This isn’t by accident. It is mandated by law through the
Gramm-Leach-Bliley Act (GLBA) of 1999. GLBA-compliant institutions,
including every community bank in the country, are required to comply with
detailed standards mandating strong internal security procedures,
investigatory requirements for potential breaches, and broad-based notice
requirements for breaches where consumers face a real risk of harm.

Some entities that are prone to mega-breaches, such as big-box retailers,
face no such federal data security safety standards. That is why Congress
should pass the Data Security Act (H.R. 2205/S. 961), which would ensure
that all entities that handle consumers’ sensitive financial data have in
place a robust process to protect data, which can help prevent breaches
from happening in the first place.

This legislation would also effectively replace the current patchwork of
state and federal regulations for data breaches with a national law that
provides uniform protections across the country. This comprehensive
approach would better serve consumers by making it easier for businesses
and government agencies to take the steps necessary to adequately protect
all Americans from identity theft and account fraud.

Protecting consumers is a shared responsibility of all parties involved in
the processing of sensitive personal information. In light of mass breaches
at large retailers and government agencies, we must work together and
invest the necessary resources to combat increasingly sophisticated threats
to the sensitive personal information of millions of consumers.