Data Breach: From Notification to Prevention Using PCI DSS

By Shaw, Abraham | Columbia Journal of Law and Social Problems, Summer 2010

With over 350 million records containing sensitive personal information having been compromised since 2005, it is evident that data breaches are an epidemic problem. After demonstrating the security breach problem, the Note begins by discussing California's pioneering data breach notification law, which requires breached entities to notify those affected that their personal information has been compromised. Drawing on various provisions found in California's notification law, the Note evaluates current state and federal data breach laws. To further explore the relationship between federal and state enforcement, two recent data breaches, the ChoicePoint and TJX breaches, are discussed in depth. The Note then examines proposed federal and state legislation to strengthen the argument that data breach laws, which currently focus on notification, must also advance to breach prevention. Finally, the Note proposes a solution for preventing data breaches by increasing liability for merchants who fail to meet heightened security standards based on those used in the credit card industry.

I. INTRODUCTION

In an age when internet transactions have become a part of everyday life, both individual users and corporations have become more sophisticated. Users who used to receive content only passively now actively engage in e-commerce. Companies that used to only keep paper files now maintain digital databases worldwide. Because private information is increasingly available over the internet, there is a rising demand for data breach laws that protect private information.

Approximately eighty to ninety percent of Fortune 500 companies and government agencies have experienced data breaches.1 Since January 2005, over 350 million records containing sensitive personal information have been compromised in data breaches.2 The leading cause of these security breaches is hacker intrusion, followed by stolen laptops and computers, and insider thefts of private information.3 Terrorists have also increasingly utilized the internet not only to communicate and recruit, but also to perpetrate online crimes to obtain financial support for their agendas.4 Furthermore, data breaches often result in fraud. The Internet Crime Complaint Center reported that fraud-related losses totaled $264.6 million in 2008, up from $239.1 million in 2007.5 These figures only address reported losses; computer crime experts agree that most computer-related crimes go either undetected or unreported.6 With personal information being compromised almost daily in data breaches,7 the main question is: what are state and federal governments doing about this problem?

Having demonstrated that a security breach problem exists, this Note will go on to describe the current state and federal laws addressing the problem, highlight certain enforcement actions that have been undertaken in response to the problem, and, finally, propose that lawmakers craft legislation that focuses not only on notification of injured parties and damage control but also on data breach prevention. Part II begins by discussing California's pioneering data breach law and then draws on that law to evaluate current state data breach laws. Part III examines the current federal laws addressing data breach issues, specifically the Gramm-Leach-Bliley Act and various Federal Trade Commission acts. Part IV illuminates the need for legislation that goes beyond requiring consumer notification after data breaches to prevent such breaches. This section also explores the relationship between federal and state data breach laws using the ChoicePoint and TJX breaches. Part V discusses pending state and federal legislation to demonstrate that data breach laws need to progress toward preventing data breaches. Finally, Part VI proposes a solution: data breaches can be prevented by increasing liability for merchants who fail to meet heightened security standards based on those used in the credit card industry. …
