PCI Data Breaches: Washington, Safe Harbor 2010 Update, and Federal Cybersecurity

A number of state laws have come into effect or been updated to respond to the challenges created by breaches of sensitive data, specifically credit card data that allows fraudulent charges to be made.  A very good article by Charlene Brownlee is available on Davis Wright Tremaine LLP's advisory page.  I strongly suggest clicking through from the link below to read the entire article.  A few points to highlight:

Safe Harbor – Washington state has amended its data breach statute to require large businesses, processors, and vendors to take reasonable care in securing access to account information.  Most interesting are the safe harbor clauses: encryption of the data, OR an appropriate certification of PCI DSS compliance within the past 12 months.  This is in stark contrast to the situations where organizations that suffered data breaches were found not to be in compliance 'at that moment' and therefore paid the associated fines.

Massachusetts – effective March 1, 2010, requires a comprehensive written information security program to be in place.
Minnesota's and Nevada's data breach laws are also highlighted in the article.  The comparison table is especially informative.

Direct link to Davis Wright Tremaine LLP Advisory article

States are moving strongly against data breaches and are referencing and supporting industry standards such as PCI DSS.  Legislation at the Federal level, for example H.R. 4900 and H.R. 4061 (the Cybersecurity Enhancement Act, passed by the House in 2010 and discussed here), is also advancing and has the potential to create a larger framework of best practices for organizations to follow.  Continued focus on appropriate risk management and threat models will become more necessary as these laws mature and are amended.

Other thoughts?

James DeLuccia
