More than a billion ‘toxic legacy calls’ breach PCI rules

From: Engineering & Technology Magazine

By Edd Gent

More than a billion “toxic legacy call recordings” containing card details are putting UK firms at risk of massive fines.

Thousands of UK merchants are still holding phone calls containing customers’ card details in environments that fail to comply with Payment Card Industry Data Security Standards (PCI DSS), according to Matthew Bryars, CEO of IT outsourcing company Aeriandi, who will speak on the topic at the PCI London conference on Tuesday.

Penalties for falling foul of PCI DSS due to non-compliance or compromised payment card details include fines of up to $500,000 per breach, on top of the potential damage to an organisation’s brand reputation.

Systems engineering’s critical role in health IT

From: Washington Technology

By Glenn Kurowski

A RAND Corp. study published in Health Affairs reignited the debate over how health IT can fulfill its promise of achieving significant cost savings while dramatically improving patient outcomes. While it’s true that interoperability, adoption and standardization of systems are important, the utility of the data in these systems represents the real value of health IT.

The health care community’s challenges are to integrate information from these systems, ensure integrity of data, and unlock knowledge from data to realize the promises of a trusted digital health system for our patients and our nation.

Federal Trade Commissioner Tilts at Big Data Windmill

From: E-Commerce Times

By Richard Adhikari

From the there-oughtta-be-a-law department comes a proposal by a Federal Trade Commissioner, no less, to require big companies to pull back the curtains on their Big Data activities. Consumers should be able to exercise some control over their own data, argued Commissioner Julie Brill. The idea may be laudable, but implementation would likely be something else.

A U.S. Federal Trade Commissioner is urging consumers to take more control over their data. The call to action comes as revelations that the NSA is spying on Americans to an unprecedented degree continue to shake the country. Unease has been mounting over the amount of data companies are handing over to the agency.

Securing Electronic Payments: Let Industry Take the Lead | Commentary

From: Roll Call

By Jason Oxman

If there’s one thing recent news about the National Security Agency’s data collection programs has made clear, it’s that our personal information, especially online, can be susceptible to being seen by others. Americans are now paying closer attention to protecting their personal information, and the president and Congress are discussing more stringent online privacy laws that address consumer concerns.

In a world where commerce is rapidly moving online, consumer data is vital to effectuating transactions and deriving maximum value from mobile commerce. And although protecting privacy is an important goal, we must not allow government regulations to place undue burden on the payments industry and consumers who rely on electronic forms of payment every day.

Do Directors Face Potential Liability for Not Preventing Cyber Attacks?

From: Orrick — Securities Litigation and Enforcement Blog

By M. Todd Scott, Alex Talarides and Jim Kramer

In the past weeks, we’ve reported that while most companies are properly disclosing their exposure to cybersecurity threats, the increasing occurrence and severity of cyber attacks has the SEC considering even more stringent cybersecurity disclosure requirements. Now, another study reports that while 38% of Fortune 500 companies have disclosed that a potential cyber event would “adversely” impact their business, only six percent of those companies purchase cyber security insurance.

What of the other 94%? Should they be doing more to protect themselves against the growing cyber threat? Do their directors have a fiduciary obligation to do more?