PCI Requirement 9 – Restrict Physical Access to Cardholder Data

by Randy Bartels / May 31, 2023

Why Should I Restrict Physical Access to Cardholder Data? What would happen if your organization had no physical access controls protecting cardholder data? Made no effort to restrict physical access to cardholder data? No locks on the doors, no badge or identification system, no security guards, no receptionist? Without physical access controls, you give unauthorized persons a plethora of ways to potentially gain access to your facility and to steal, disable,…

Data Privacy Day 2018

by Sarah Harvey / December 20, 2022

Are You Doing Enough to Protect Customer Data? In a highly data-driven world, protecting the privacy of customer data is more important than ever. January 28th, designated Data Privacy Day, is an international observance meant to raise awareness of data privacy best practices. Encouraging companies and individuals to value privacy will help to create a culture of privacy and embolden everyone to properly safeguard data and…

GDPR Readiness: What, Why, and Who

by Sarah Harvey / July 12, 2023

What is GDPR? The European Union’s General Data Protection Regulation (GDPR) is not just one of many other data protection frameworks or requirements. GDPR is the top regulatory focus of 2018, even among US companies, and is considered to be one of the most significant information security and privacy laws of our time. The applicability of the law follows the data, rather than following a person or location. The scope…

Are You Ready for GDPR Compliance?

by Sarah Harvey / December 20, 2022

Have you been hearing about the General Data Protection Regulation? Do you collect, use, or process personal data of subjects in the European Union? What is GDPR? Who must comply? How can you prepare? Should you complete a GDPR assessment? With the repercussions of data breaches hitting the headlines more often every day, it’s important to understand how this privacy legislation is going to affect your business and to ask…

PCI Requirement 8.6 – Authentication Mechanisms Must Not Be Shared Among Multiple Accounts and Physical and/or Logical Controls Must Be in Place to Ensure Only Intended Account Can Use that Mechanism

by Randy Bartels / May 31, 2023

Do Not Share Authentication Mechanisms If your organization uses something you have as an authentication mechanism, such as a physical device like a hardware token or smart card, or a certificate, we need to make sure that the authentication mechanism can only be assigned to, and used by, one individual. If an authentication mechanism can be used by multiple accounts, it may be impossible to identify the individual who used it.…
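One practical way to test the "assigned to only one individual" half of this requirement is to audit the token, smart card and certificate inventory for any mechanism bound to more than one account. The script below is an added example, not KirkpatrickPrice's code or part of the PCI DSS text; the three-column inventory format and the sample rows are constructed assumptions standing in for an export from an IdP, PKI or token-management system. It normalizes identifiers first, because a certificate fingerprint exported once with colons and once without, or a serial number in mixed case, would otherwise hide a shared mechanism.

```python
"""Audit a constructed authentication-mechanism inventory for PCI DSS 8.6.

Added example, not the page's or KirkpatrickPrice's code. The inventory
layout (account, mechanism, identifier) and the rows below are assumptions.
"""
from collections import defaultdict

# Constructed sample export. Identifiers deliberately differ in case and
# separator style so the normalisation step has real work to do.
INVENTORY = """\
account,mechanism,identifier
jsmith,hardware_token,SN-0001-4471
mjones,hardware_token,sn-0001-4471
mjones,smart_card,CARD-88210
svc_batch,certificate,AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01
svc_report,certificate,abcdef0123456789abcdef0123456789abcdef01
rlee,smart_card,CARD-99001
"""

EXPECTED_HEADER = ["account", "mechanism", "identifier"]


def normalize(mechanism, identifier):
    """Canonicalise an identifier so cosmetic differences cannot mask sharing."""
    ident = identifier.strip()
    if mechanism == "certificate":
        # Fingerprints are often exported with or without colons, any case.
        return ident.replace(":", "").lower()
    # Token serials and card numbers: compare case-insensitively.
    return ident.upper()


def parse_inventory(text):
    """Parse the CSV-style export into (account, mechanism, normalised id) rows."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = [h.strip() for h in lines[0].split(",")]
    if header != EXPECTED_HEADER:
        raise ValueError("unexpected inventory header: %r" % header)
    rows = []
    for ln in lines[1:]:
        account, mechanism, identifier = (f.strip() for f in ln.split(",", 2))
        rows.append((account, mechanism, normalize(mechanism, identifier)))
    return rows


def find_shared_mechanisms(rows):
    """Map (mechanism, identifier) -> sorted accounts for every mechanism
    bound to more than one account. Each entry is an 8.6 finding."""
    holders = defaultdict(set)
    for account, mechanism, ident in rows:
        holders[(mechanism, ident)].add(account)
    return {key: sorted(accts) for key, accts in holders.items() if len(accts) > 1}


def audit(text=INVENTORY):
    """Run the full check over an inventory export and return the findings."""
    return find_shared_mechanisms(parse_inventory(text))


if __name__ == "__main__":
    for (mech, ident), accounts in sorted(audit().items()):
        print("FINDING: %s %s is assigned to %s" % (mech, ident, ", ".join(accounts)))
```

On the sample data this reports the hardware token shared by jsmith and mjones and the certificate shared by the two service accounts; the smart cards, each held by one account, are not flagged. An inventory only shows assignment, not use: the "physical and/or logical controls" half of the requirement still needs authentication logs tying each successful use of a mechanism back to the account it is registered to.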