BreachExchange mailing list archives
How to use existing standards to prevent data breaches
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 11 Sep 2015 14:03:01 -0600
http://thehill.com/blogs/congress-blog/technology/253300-how-to-use-existing-standards-to-prevent-data-breaches

Who’s standing between fraudsters and your most sensitive personal information? The answer is your financial institution.

With the recent rash of data breaches, including the theft of more than 22.5 million records from the Office of Personnel Management, personal information is being exposed at an alarming rate. Data breaches frequently give cybercriminals access to information such as Social Security numbers, dates of birth, employment history and health data—making Americans more susceptible to identity theft. Everyone that holds or transfers personal information must step up to the plate to better protect consumers, and they can learn a lot from the banking industry.

While the financial services sector cannot stop every fraudulent transaction, it does set the watermark standard for protecting customer financial data. This isn’t by accident. It is mandated by law through the Gramm-Leach-Bliley Act (GLBA) of 1999. GLBA-compliant institutions, including every community bank in the country, are required to comply with detailed standards mandating strong internal security procedures, investigatory requirements for potential breaches, and broad-based notice requirements for breaches where consumers face a real risk of harm.

Some entities that are prone to mega-breaches, such as big-box retailers, face no such federal data security safety standards. That is why Congress should pass the Data Security Act (H.R. 2205/S. 961), which would ensure that all entities that handle consumers’ sensitive financial data have in place a robust process to protect data, which can help prevent breaches from happening in the first place. This legislation would also effectively replace the current patchwork of state and federal regulations for data breaches with a national law that provides uniform protections across the country.
This comprehensive approach would better serve consumers by making it easier for businesses and government agencies to take the steps necessary to adequately protect all Americans from identity theft and account fraud. Protecting consumers is a shared responsibility of all parties involved in the processing of sensitive personal information. In light of mass breaches at large retailers and government agencies, we must work together and invest the necessary resources to combat increasingly sophisticated threats to the sensitive personal information of millions of consumers.