For those who were included in the January 2007 loss of 94 million credit card numbers from TJX (still the highest loss by number of records ever reported), you may be interested to know that they have agreed a settlement with 41 states on the fine. Around $5.5 million of the settlement was for data and consumer protection, and $1.75 million was to reimburse the states' costs of the investigation.
Today I received yet another of those annoying “We may have lost your personal information…” letters from my bank. No information on how it happened, or what they are doing to stop it happening again. It’s almost as though this was an inevitable and repeatable condition of doing business….
Yet again I’m going to get another bank card, yet again I’m going to have to change the numbers in my Blockbuster, Amazon, etc. accounts, and (again) I have yet another free 12-month subscription to “Identity Theft Monitoring.”
Great news indeed, but I suspect many readers of this blog have also been through this a few times as well.
For the last few weeks I’ve been traveling around the country presenting at our Security Innovation Alliance roadshow. It’s been great meeting and presenting alongside some of the 60+ companies who’ve chosen to integrate their security products into McAfee’s ePO platform. Looking at the portfolio it seems that soon it might actually be possible to service any IT security need through one pane-of-glass management interface.
One question that came from the audience during one of the sessions surprised me, as it wasn’t about IT at all. The question was “What laws apply to PII in printouts?”
Well, unfortunately the simple and unfortunate answer is – all of them.
I was speaking last week at a panel of CISOs when someone asked me the very reasonable question “What’s the most important thing we should do to protect our data?” – What the audience member wanted to know really was, given that he had no budget, and a state mandate impressing on him the need to protect PII (personally identifiable information), what’s the minimum he could do to comply with the regulations?