CardSystems Settles For Slap On The Wrist
from the detect-a-pattern-yet? dept
CardSystems Solutions, the company behind the biggest-ever personal data leak, has settled with the FTC, and unsurprisingly, the penalties are pretty toothless. The FTC couldn't even levy a meaningless token fine, as it's done before, because of the law it said CardSystems broke, so all the company (which has since been bought out) has to do is implement a "comprehensive" security program and get independent audits every other year for the next 20 years. But what's comprehensive, and is there any enforcement action should the audits find deficiencies? With at least one court indicating the mere existence of a security policy is a reasonable enough measure for a company to avoid liability for data leaks, it's hard to take any comfort from the FTC's settlement. This stuff is a joke -- in the CardSystems case, where tens of millions of people's credit-card information was exposed, a judge ruled that Visa and Mastercard didn't even have to notify the 265,000 cardholders who had enough information stolen that it could be used fraudulently because there was no "immediate threat of irreparable harm". This ignores the fact that the effects of identity theft can linger on for years, and merely serves to underline the point that for most companies, the fallout from data leaks is nothing more than an acceptable cost of doing business.
Reader Comments
What about my rights
How about Congress passing some law to make it mandatory that if a company "leaks" credit card information, they are responsible for any unwanted charges that are accrued on it, or that the company has a "comprehensive" security program in place if the company needs to have your credit card number.
Wishful thinking.
No Subject Given
We'll just have to wait until one of these companies is brought before a judge who's had his/her information leaked. Then maybe the judge will have a better idea of just how much harm these types of leaks can cause.
Security wrist slaps not enuf. .exe them