Group items matching

in title, tags, annotations or url

A top lawyer for P&G called upon industry execs to work harder than ever to defend self-regulation of the ad business at a gathering of top advertisers today. Speaking about the tough economic environment and increased government involvement in business affairs, Deborah Platt Majoras, VP-general counsel at P&G, said the ad business has to tout that it has been responsible and doesn't need additional oversight. The current business environment -- one in which market failures have prompted government bailouts and heightened government oversight -- is leading to a more skeptical outlook from policymakers about self-regulation. ' "The road ahead is not going to be easy, but we are not helpless," said Ms. Majoras, who, prior to joining P&G served as chairman of the Federal Trade Commission from 2004 to 2008. "The industry has been far more responsible than we get credit for. It's time that we backed up rhetoric with facts," she said.

It was only a matter of time! Auditor accuracy being examined in lawsuit may signal change in PCI and other compliance processes.

When CardSystems Solutions was hacked in 2004 in one of the largest credit card data breaches at the time, it reached for its security auditor's report. In theory, CardSystems should have been safe. The industry's primary security standard, known then as CISP, was touted as a sure way to protect data. And CardSystems' auditor, Savvis Inc, had just given them a clean bill of health three months before. Yet, despite those assurances, 263,000 card numbers were stolen from CardSystems, and nearly 40 million were compromised. More than four years later, Savvis is being pulled into court in a novel suit that legal experts say could force increased scrutiny on largely self-regulated credit card security practices. They say the case represents an evolution in data breach litigation and raises increasingly important questions about not only the liability of companies that handle card data but also the liability of third parties that audit and certify the trustworthiness of those companies. "We're at a critical juncture where we need to decide . . . whether [network security] auditing is voluntary or will have the force of law behind it," says Andrea Matwyshyn, a law and business ethics professor at the University of Pennsylvania's Wharton School who specializes in information security issues. "For companies to be able to rely on audits . . . there needs to be mechanisms developed to hold auditors accountable for the accuracy of their audits." The case, which appears to be among the first of its kind against a security auditing firm, highlights flaws in the standards that were established by the financial industry to protect consumer bank data. It also exposes the ineffectiveness of an auditing system that was supposed to guarantee that card processors and other businesses complied with the standards. Credit card companies have touted the standards and the auditing process as evidence that financial transactions conducted under their purview are secur

For all the concern and uproar over online privacy, marketers and data companies have always known much more about consumers' offline lives, like income, credit score, home ownership, even what car they drive and whether they have a hunting license. Recently, some of these companies have started connecting this mountain of information to consumers' browsers.

Internet companies came under fire on Capitol Hill on Thursday, with lawmakers questioning how well the companies protect information that they collect online about consumers for advertising purposes. "I think it's a big deal if someone tracks where you go and what you look at without your personal approval. We wouldn't like that in the non-Internet world and I personally don't like it in the Internet world," said Rep. Joe Barton (R., Texas). Lawmakers in the House are drafting Internet-privacy legislation designed to provide consumers more information about what is being collected online and to give them greater control about how that data can be used. It could also set rules for how consumers could prevent their personal data from being shared with advertisers. "Consumers are entitled to some baseline protections in the online space," said Rep. Rick Boucher (D., Va.) chairman of the House Internet subcommittee.

You can't ignore the presence and usage of all the myriad forms of instant messaging, social networking and blogging. The millennial generation won't thrive in companies where Facebook is banned or texting is frowned upon. They think and work so differently from their baby boomer managers that generational clashes are inevitable. The Security Executive Council and CXO Media, producer of CSO Perspectives and CSO magazine, are partnering to probe attitudes toward collaborative technologies like IM and social networking. By participating you will receive a research report based on this survey. Definition of web 2.0 apps: The term "Web 2.0" describes the changing trends in the use of World Wide Web technology and web design that aim to enhance creativity, communications, secure information sharing, collaboration and functionality of the web. Web 2.0 concepts have led to the development and evolution of web culture communities and hosted services, such as social-networking sites, video sharing sites, wikis, blogs, and folksonomies. (Wikipedia)