PCI Compliance Important to 80% of UK Organisations, According to Breach and Evolution Security Survey
LONDON, Apr 29, 2009 (BUSINESS WIRE) — Breach Security, Inc., the leader in web application integrity, security and PCI compliance, and Evolution Security Systems Ltd today jointly released their 2008 UK PCI Compliance Report. Evolution Security Systems is a leader in digital and information security, partnering with institutions to protect their assets and manage their security infrastructure on an ongoing basis. Surveying UK organisations across a variety of market sectors, including healthcare, government, e-commerce, finance and banking, the report findings indicate that PCI compliance is important to eight in 10 UK organisations. Further, 57 percent are either PCI compliant or actively working toward becoming compliant. While this represents good progress, it also indicates that the UK is trailing the United States in adoption of PCI compliance.
In addition, the survey found that 16 percent of organisations don’t know what it means to be PCI compliant and nearly one in five companies reported not knowing if PCI compliance is important. “With over 40 percent of UK organisations not serious about PCI compliance, sensitive customer and cardholder data is in jeopardy for many of the online transactions that take place,” said Sanjay Mehta, SVP for Breach Security. “Web application hackers are becoming both more savvy and malicious with each passing month, and without the protection afforded by PCI compliance, the data security of these organisations is at risk.”
“PCI compliance has become a significant priority around the world, particularly in the United States, and UK organisations need to wake up to the threat,” said Dale Moreton, head of sales and marketing at Evolution Security Systems. “In addition to trailing U.S. adoption rates, it’s concerning that 20 percent of UK organisations are naive about PCI compliance, its importance and the ramifications of ignoring it.”
With online customer data being nearly impossible to secure and easy to hack, the Payment Card Industry (PCI) established compliance requirements to protect customers by including web application security requirements in its Data Security Standard (DSS). All organisations that process, store or transmit credit, debit or other payment card information must be in compliance with the PCI DSS. Further, requirement 6.6 states that all web-facing applications must be protected, and web application firewalls have become the de facto standard for compliance in enterprise organisations.
Breach and Evolution’s report found that one in three UK organisations are not planning to become PCI compliant, while 18 percent are planning to become compliant in three to six months, 11 percent in six to 12 months, and five percent in more than one year.
CMS Keeping Tabs on HIPAA Violations on ADVANCE for Health Information Professionals
The Centers for Medicare and Medicaid Services (CMS) published a notice describing a new records system designed to store the results of regional investigations into complaints alleging violations of HIPAA’s transactions and code sets, security and unique identifier provisions, AHA News Now reported.
The Office of E-Health Standards and Services (OESS) is charged with overseeing compliance in those areas. OESS has procured a contractor to maintain the database, according to the notice.
Authorized under HIPAA, the HIPAA Information Tracking System will store data on complaint allegations, information gathered during complaint investigations, and findings and results of investigations, CMS reported. The notice described proposed policies, procedures and restrictions on disclosures of data, and invited comments on the records system.
The notice, which specifies instances in which the government will disclose information stored in the database, is available at www.gpoaccess.gov/fr/index.html.




