Those of us working in the security and compliance world are very aware of the data privacy rules and enforcement in different regulated industries: Health and Human Services (HHS) and its Office of Civil Rights (OCR) have broad authority over protected health information (PHI) through the HIPAA and HITECH acts, with significant fines for breaches of PHI data by the holders of that data. Sarbanes-Oxley (SOX) put teeth into protecting and securing financial data for publicly traded companies and a broad …

The Federal Trade Commission has taken new assertive action to protect consumer data privacy interests, this time relating to breaches of payment card information, and other consumer personal information by Wyndham Worldwide, a company which owns and manages hotels. Just recently, the FTC settled charges against Accretive Health relating to inadequate data security protections that resulted in the theft of patient records. This settlement is on top of the charges filed by the Minnesota State Attorney General against the Business …

When Target’s Beth Jacob resigned in the aftermath of the company’s holiday season data breach that affected up to 110 million customers, it put the role of CIOs in a spotlight of scrutiny. But the ramifications of Target’s problems – which include $17 million in breach-related expenses and a significant blow to the retail giant’s reputation – could also help technology executives get the funds and manpower required to battle cyber attacks. Target, which said the resignation was Jacob’s decision, …

“I’ll take a large deep dish with pepperoni, banana peppers and … encryption.” Yep, encryption is everywhere. Even at your local pizza shop, hopefully, if its owners heeded the advice offered in a recent PizzaMarketplace.com article titled ‘Why now is the time to upgrade your POS system.’ The author cites several industry executives discussing how the investment for an upgraded system is worth it compared to the flaws of outdated systems. One big reason: PCI compliance. Newer systems provide end-to-end …

Retail giant Target became the target of a data breach that potentially involved 40 million customer credit and debit card records. The retailer isn’t saying how the breach happened, but Avivah Litan, a security analyst with Gartner Research, has a strong opinion. She told The Associated Press that given the millions of dollars Target spends on security each year, she believes the breach may have been an “inside job.” Various mainstream media sources reported the story late Wednesday after the …

Dealing with strict personal health information protocol on a daily basis, many members of the healthcare industry are well aware of the importance of data protection. According to a story in today’s Boston Globe, two healthcare-related groups who may be more familiar with HIPAA compliance got an unfortunate lesson in the importance of PCI compliance. Hundreds of attendees at an American Public Health Association conference and an American Society of Human Genetics conference, both held at the Boston Convention & …

If you missed the webinar panel discussion on managing emerging PCI security risks in the cloud with Brightfly, PCI Security Standards Council, Online Tech, and Catbird, you can now view the recording online. The panel discussed the role cloud service providers play in protecting cardholder data and the security issues involved. With Bob Russo from the PCI SSC (Payment Card Industry Security Standards Council) and Jason Yaeger of Online Tech, PCI Compliant Hosting provider, the webinar shares regulatory and technical …

Yesterday, I blogged about the new PCI DSS 3.0 document that contains a number of clarifications, additional guidance and evolving (new) requirements. The part I’m going to focus on is the evolving requirements, as they represent the changes that ensure that the standards are up to date with emerging threats and changes in the market. They also represent the greatest changes between the old and new documents, and are relevant to merchants and service providers that are already PCI DSS …

The new PCI DSS 3.0 document contains a number of clarifications, additional guidance and evolving requirements, according to how the PCI SSC refers to the changes. The part I’m going to focus on is the evolving requirements, as they represent the changes that ensure that the standards are up to date with emerging threats and changes in the market. They also represent the greatest changes between the old and new documents, and are relevant to merchants and service providers that …

Next Wednesday, Online Tech’s Director of Operations Jason Yaeger will be participating on a panel discussion with technical and administrative PCI DSS experts, including Bob Russo from the PCI Security Standards Council, to discuss the role that cloud service providers play in protecting cardholder data, as well as the security issues involved. Title: Navigating PCI Security Mountains in the Cloud Register: Sign Up on BrightTalk.com Who: Brandon Dunlap, Brightfly, Inc.; Bob Russo, PCI SSC; Jason Yaeger, Director of Operations, Online Tech; Randal Asay, …
