Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


11:05 AM
Susana Schwartz, Intelligent Enterprise,
Susana Schwartz, Intelligent Enterprise,
Connect Directly

Identity Theft Laws Elevate Security to the C-Level

Information security should start from the top, experts say.

Numerous breaches in customer data security in 2005 have fueled calls for federal legislation that could lead to onerous security demands on financial institutions that hold consumer information. Even if legislators show restraint in demanding new controls, it's time for banks to create C-level security positions, experts suggest.

Thus far, congressional committees have proposed at least six bills that call for corporate accountability for data privacy and security programs, but there's controversy over how to define and enforce such a mandate. "The government must assess the risk associated with certain data types so companies aren't notifying consumers every time a breach of even noncritical data occurs," asserts Jerry Cerasale of the Direct Marketing Association (DMA), a New York-based trade association representing more than 5,200 direct, database and interactive marketers.

Cerasale warns that institutions will face enormous costs if forced to build departments and systems for detecting and reporting breaches. More troubling to some is a bill proposed by Senators Arlen Specter (R-Pa.) and Patrick Leahy (D-Vt.) that calls for data brokers to give consumers a chance to "access and correct" their information. "That would open up an entirely different avenue for identity thieves," says Cerasale.

Fred Cohen, a principal analyst at Burton Group (Midvale, Utah), says enterprises should consider creating new positions or morphing existing ones to prepare for such legislation. "The position of a chief information security officer (CISO) exists at many large firms, but it has not been a C-level position," says Cohen. "The CISO will have to be a position right up there with the CEO, CFO and CIO." * --Susana Schwartz, Intelligent Enterprise

Courtesy of Intelligent Enterprise, a CMP Media property.


Comment  | 
Print  | 
More Insights
Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.