The Federal Trade Commission (FTC) has ordered nine companies to file Special Reports detailing how they assess their clients’ compliance with Payment Card Industry Data Security Standards (PCI DSS). Payment card issuing companies require businesses that process over one million card transactions per year to undergo PCI DSS compliance assessments, or audits, performed by PCI Qualified … Continue reading
We have long recognized that effects of cyber-attacks are not limited to the virtual space, and can affect our physical environment. For example, a stolen trade secret may lead to a competitor who copies the design, to lost sales, to lost jobs. However, the relationship between cybersecurity and physical security is far more direct and … Continue reading
Last week, the U.S. Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) published a Risk Alert that summarized findings from the agency’s examinations of the practices employed by financial service firms to address cybersecurity risks. The focus and results of the OCIE’s evaluation offer firms insight into the types of information security and … Continue reading
Leading up to the President’s State of the Union, the White House previewed several potentially sweeping cybersecurity initiatives—including a proposed federal law that would create a single national breach notification standard, entitled the Personal Data Notification & Protection Act (the “Act”). The President argued that the proposed law will benefit consumers and alleviate the confusion … Continue reading