This really shouldn’t come as a surprise to anyone out there, but in case you didn’t anticipate it: the United States Congress (our legislative branch of government) is working on a bill to make failure to protect your and your customers’ information a possible felony. Today, the PCI DSS (payment card industry data security standard)
Republican Senators at the federal level have introduced a legislative draft for the purpose of codifying a national standard for data breach reporting. The bill has been nicknamed the Data Security and Breach Notification Act of 2012. The legislation, initially presented by Senator Pat Toomey (R-PA), is also being cosponsored and authored by Senator Olympia Snowe (R-ME), Senator Jim DeMint (R-SC), Senator Roy Blunt (R-MO) and Senator Dean Heller (R-NV). The current draft of the bill would include a requirement for all businesses and government agencies to “take reasonable measures to protect and secure data in electronic form containing personal information.” Once signed into law, the FTC (Federal Trade Commission) would be charged with enforcing the law. Sources indicate that organizations found to be in violation of the new legislation could face fines in excess of a half million dollars!
That’s a frightening figure. But really if you think about it, this was inevitable. The industry created the PCI DSS as a response to an emergent need in a world of increased reliance on technology and essential need for security. It started with Visa’s CISP (cardholder information security program) way back in June of 2001. Visa foresaw the need for a standard of security to combat the rising incidence of cyber theft and hacking worldwide. The program was visionary and preemptive in its attempts to counteract data theft.
Now that federal legislation is catching up with the industry, let the merchant beware. It’s not just the right thing to do, the conscientious thing to do and the smart thing to do. It is now the law. Do your civic duty and get PCI compliant now. Visit our home page to find out how to achieve PCI compliance for your business for free.