After a data breach: Navigating state disclosure laws

Following the lead of California, the first state to enact a data breach notification law, 39 states currently have a data breach notification law on the books.

Banannas.com was hit with fines for not complying with various state data breach laws. Researching those laws while simultaneously notifying affected customers overwhelmed its small staff.

If your organization conducts business online, with customers from all over the U.S. or abroad, you must comply not only with your own state's data breach notification laws but also with the data breach notification laws of the affected customers' states.

Deciding when to send a notification can be tricky. For instance, Arizona prohibits some local law enforcement and state agencies from disclosing a security system breach, but Illinois requires an immediate notification of the breach.

In some states, data breach notification laws are based only on possible harm, injury, fraud or identity theft, and if there is no reasonable probability of any of these, data breach notification is not required. Other states require notification in almost all circumstances. Florida and Ohio are the only states to set a time period for a business to notify consumers.

© 2008 PCI Compliance Guide.org. All rights reserved. Do not copy any material without written permission.