Data Breach: From Notification to Prevention Using PCI DSS

By Shaw, Abraham | Columbia Journal of Law and Social Problems, Summer 2010


With over 350 million records containing sensitive personal information having been compromised since 2005, it is evident that data breaches are an epidemic problem. After demonstrating the security breach problem, the Note begins by discussing California's pioneering data breach notification law, which requires breached entities to notify those affected that their personal information has been compromised. Drawing on various provisions found in California's notification law, the Note evaluates current state and federal data breach laws. To further explore the relationship between federal and state enforcement, two recent data breaches, the ChoicePoint and TJX breaches, are discussed in depth. The Note then examines proposed federal and state legislation to strengthen the argument that data breach laws, which currently focus on notification, must also advance to breach prevention. Finally, the Note proposes a solution for preventing data breaches by increasing liability for merchants who fail to meet heightened security standards based on those used in the credit card industry.

I. INTRODUCTION

In an age when internet transactions have become a part of everyday life, both individual users and corporations have become more sophisticated. Users who used to receive content only passively now actively engage in e-commerce. Companies that used to only keep paper files now maintain digital databases worldwide. Because private information is increasingly available over the internet, there is a rising demand for data breach laws that protect private information.

Approximately eighty to ninety percent of Fortune 500 companies and government agencies have experienced data breaches.[1] Since January 2005, over 350 million records containing sensitive personal information have been compromised in data breaches.[2] The leading cause of these security breaches is hacker intrusion, followed by stolen laptops and computers, and insider thefts of private information.[3] Terrorists have also increasingly utilized the internet not only to communicate and recruit, but also to perpetrate online crimes to obtain financial support for their agendas.[4] Furthermore, data breaches often result in fraud. The Internet Crime Complaint Center reported that fraud-related losses totaled $264.6 million in 2008, up from $239.1 million in 2007.[5] These figures only address reported losses; computer crime experts agree that most computer-related crimes go either undetected or unreported.[6] With personal information being compromised almost daily in data breaches,[7] the main question is: what are state and federal governments doing about this problem?

Having demonstrated that a security breach problem exists, this Note will go on to describe the current state and federal laws addressing the problem, highlight certain enforcement actions that have been undertaken in response to the problem, and, finally, propose that lawmakers craft legislation that focuses not only on notification of injured parties and damage control but also on data breach prevention. Part II begins by discussing California's pioneering data breach law and then draws on that law to evaluate current state data breach laws. Part III examines the current federal laws addressing data breach issues, specifically the Gramm-Leach-Bliley Act and various Federal Trade Commission acts. Part IV illuminates the need for legislation that goes beyond requiring consumer notification after data breaches to prevent such breaches. This section also explores the relationship between federal and state data breach laws using the ChoicePoint and TJX breaches. Part V discusses pending state and federal legislation to demonstrate that data breach laws need to progress toward preventing data breaches. Finally, Part VI proposes a solution: data breaches can be prevented by increasing liability for merchants who fail to meet heightened security standards based on those used in the credit card industry.
