ANITA RAMASASTRY

Click link below for entire commentary

Heartbreak over Heartland: Why Prosecution for Data Breaches Isn’t Enough

FindLaw columnist and U. Washington law professor Anita Ramasastry discusses the lessons that can be drawn from the recent indictments, by the U.S. Department of Justice, of three hackers — one named Alberto Gonzalez and the other two as yet unidentified — in connection with what is reportedly the largest data breach that has occurred thus far in U.S. history. As Ramasastry explains, the breach compromised both credit and debit card data that was held by Heartland Payment Systems, Inc., based in Princeton, N.J.; 7-Eleven, Inc.; Hannaford Brothers Co., which operates grocery stores in Maine and Massachusetts; and two other, unidentified corporations. Ramasastry covers the state of laws and practices concerning data security, including the Payment Card Industry Data Security Standard (PCI DSS), and the pending lawsuits that have been filed in connection with this historic breach. She also suggests respects in which PCI DSS falls short, and ways in which Americans’ data security can be better guaranteed. Friday, September 4, 2009