The response to the Moonpig breach has been particularly slow. Based on the researcher’s analysis, authentication was not in place for consumers. For a company to be aware of a basic security issue for more than 17 months is gross negligence. Because companies that process payments are custodians of customer data, they have a legal and, I would argue, ethical obligation to protect that information.
From a legal and regulatory perspective, ICO (UK jurisdiction) and Payment Card Industry (PCI) mandates require stronger security practices, such as data encryption for safeguarding consumer privacy. In my view, companies also have an ethical duty to protect consumer privacy. When customers hand over their data for a commercial transaction, they should be able to trust that the vendor will take sufficient measures to protect that data. As any good salesperson can attest, trust is an inherent component of the customer relationship.
By Bob West, Chief Trust Officer, CipherCloud
About CipherCloud
CipherCloud, the leader in cloud information protection, enables organizations to accelerate their adoption of cloud applications while ensuring visibility and control of their data. CipherCloud delivers data privacy, regulatory compliance, and data residency in the cloud through an open platform that provides comprehensive cloud application and data discovery, protection (searchable strong encryption, tokenization, data loss prevention, key management, and malware detection), and activity and anomaly monitoring services.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.