The latest PCI compliance reports (data current as of Dec. 31, 2010) show little change for Level 1 and Level 2 merchants, with each group holding at 96 percent. Level 1 had been at 96 percent for months, but the number of retailers in that group jumped from 358 to 377 since the prior report of June 30, 2010. Level 2 had been at 95 percent, so the 96 percent figure reflects a slight increase. The number of merchants in Level 2, however, dropped from 894 to 881. So if even a few of those 13 retailers had been non-compliant, that could explain the bump up to 96 percent.
The cost of achieving regulatory security compliance is on average $3.5 million each year, according to a survey of 160 individuals leading the IT, privacy and audit efforts at 46 multinational organizations.
They may respond to the complaints of plan members in a general way, but if they want to respond in detail, a plan staffer may phone the patient to avoid violating HIPAA prohibitions against revealing patient information in public
The PCI Security Standards Council (PCI SSC), which oversees the PCI (Payment Card Industry) Data Security Standard that card-accepting retailers must follow, today announced that nominations for election to the 2011-2013 PCI SSC board of advisors are now being accepted.
Half of U.S. government Web sites are vulnerable to commonplace DNS attacks because they haven’t deployed a new authentication mechanism that was mandated in 2008, a new study shows.
Health insurance giant Health Net has been fined by the state of Vermont over the insurer’s loss of a portable disk drive that exposed the protected health information (PHI) of 1.5 million people, including 525 Vermonters.
Also new is a PCI compliance-specific reporting function for Cisco’s Wireless Control System. The System had a PCI compliance report capability previously, but the updated function can offer a PCI summary report, and filter out and report on individual locations or devices in the wireless network.
A controversial Internet security bill proposed in 2010 by Sen. Joe Lieberman (I-Conn.) could yet become law in the current session of Congress, said Jeff Greene, counsel on the majority staff of the Senate Homeland Security and Governmental Affairs Committee.
the PCI DSS is actually written in such a way to address changes in technology without directly calling out new technologies