Posted on June 25th, 2009 No comments
Nevada is making PCI the law and a group of state attorneys general plagiarized it liberally while trying to figure out what to force TJX to do. Like it or hate it, PCI Columnist David Taylor argues, the PCI DSS is the only set of data security standards out there that actually comes with an effective, ongoing validation and enforcement process. That is not true of HIPAA or the vast majority of state or national data privacy or breach disclosure laws.
See the original post:
Can the Government Be Sued For Plagiarizing PCI DSS?
Posted on June 10th, 2009 No comments
The other day at a security conference on retail and PCI security issues, I was in a group of retailers and saw one retailer ask the other a deliciously revealing question: “Are you still using a QSA?” The entire question is nice, but it’s the emphasis on the word “still” that makes it art.
Posted on June 4th, 2009 No comments
Is it justifiable to implement a less secure technology if employees’ jobs are preserved in the process? GuestView PCI Columnist David Taylor has noticed a “protectionism” trend when it comes to the outsourcing of payment management for the purpose of reducing PCI compliance scope. “We’re talking about companies opting to store and manage more credit card and other confidential data than necessary, and we suspect protecting jobs in technology, compliance and finance is the main reason for this,” Taylor writes. “But is this necessarily bad?”
Rethinking Payment Security Outsourcing