Data security and PCI DSS

My colleague Brad Freedman recently wrote a short piece on the Payment Card Industry Data Security Standard (“PCI DSS”), a contractual standard for the protection of data regarding payment cards issued by the major card brands, including Visa, MasterCard and American Express.

Organizations that accept payment card transactions or store, process or transmit payment card data are usually contractually obligated to comply with PCI DSS. Organizations that handle other kinds of protected or regulated data usually consider PCI DSS to indicate a reasonable standard of care for data protection. Failure to comply with PCI DSS can result in serious adverse consequences, including financial assessments, liabilities and findings of regulatory non-compliance. In his article, he explains how organizations should carefully consider procuring insurance coverage for PCI DSS non-compliance.

To read the article, click here.


This content has been updated on May 2, 2024 at 16 h 30 min.