Dykema On Demand

www.dykema.com

Featured Article

You’ve Been Hacked

State laws and industry standards are raising the stakes on enforcing consumer data security policies.

American companies face at least four levels of data-security regulations—industry standards, state laws, federal laws and international laws.

Federal agencies, including the Federal Trade Commission (FTC) and the Department of Health and Human Services (DHHS), enforce federal laws concerning private consumer data. And such entities as the European Commission enforce cross-border data-security laws. But the most recent action on consumer data security requirements is occurring at the state and private levels.

As of mid-2007, 35 U.S. states have enacted legislation requiring organizations to notify state residents when their personal information has been misappropriated. Many of these laws are modeled after a 2003 amendment to California’s Civil Code known as the “You’ve Been Hacked” law. In general, such laws specify how companies can notify their customers and set fines and enforcement mechanisms. State attorneys general and other agencies are actively enforcing these new laws, which continue changing along with state legislative actions.

Additionally, some industries and private company groups are promulgating their own standards for ensuring data security. A group of leading credit and debit-card companies—collectively part of the payment card industry (PCI)—formed the PCI Security Standards Council in 2004. The group’s standards include 12 categories of requirements and details about compliance, which members are required to implement for all their participating merchants. Council member VISA announced it would fine some merchants up to $25,000 per month if they had not validated their compliance by the end of 2007.

For more information, please contact Steve Tupper at stupper@dykema.com
