Latest Breach Could Re-Ignite Data Legislation Discussion

According to an article by Jonathan Birchall, appearing in the January 22, 2007 edition of Financial Times, the U.S. Congress is renewing its efforts to set minimum customer data protection standards after retailer TJX (T.J. Maxx) had its computer database hacked. Rep. Barney Frank (D-Mass.) said the issue would be a top priority for the House banking committee. Legislators are also now interested in determining whether TJX was in compliance with the industry's data security Payment Card Protection Standard.

The payment card industry produced its own security guidelines about one year ago to police itself and proactively defend against talk of new, more stringent legislation.

Several data security bills were introduced in Congress last year, and in response to the recent security breaches at the retailer, Sen. Dianne Feinstein (D-Calif.) set a new bill in motion that would make notification mandatory for customers whose personal information has been compromised. Although the legislation does not address encryption or data protection standards, experts predict that the new Congress will work to create federal regulations.

The Payment Card Protection Standards make only a cursory reference to information destruction, stating simply that discarded information in any form must be properly destroyed.
