By Robert A. Gottfried
Feb. 25 — “Data breaches have become a fact of life,” Walmart Senior Director, Public Affairs and Government Relations Angie Stoner said at a Feb. 24 panel at the winter meeting of the National Association of Attorneys General (NAAG).
Walmart's security team analyzed over one billion attacks in 2014 alone, she said.
Moderating the panel, NAAG President and Mississippi Attorney General Jim Hood (D) said that with the current generation of children growing up in the computer age, “we're going to see a lot more hackers than we have seen in the past.” The “way we work through this issue of cyberhacking in the next ten years is going to be by cooperation between the business community and government,” he said.
There is a growing effort to pass a data breach notification law at the federal level that would affect the 47 states that have their own breach notification statutes, Hood said. “If you notice, there's a federal law pending before the Congress, and we might as well get on that train.” Following President Barack Obama's release of a federal breach notice legislation proposal, Sen. Bill Nelson (D-Fla.) introduced a similar measure Jan. 13. Rep. Michael C. Burgess (R-Tex.) told Bloomberg BNA that he is close to unveiling a data breach bill.
“There's going to be a question of federal preemption, and none of us attorneys general want to see our notice requirements preempted by a federal law, but as a practical matter you know something like that is going to happen,” Hood said.
Hemanshu Nigam, founder and chief executive officer of SSP Blue, a company specializing in online safety, security and privacy consulting, stated that one of the biggest issues in the coming decade will be data compartmentalization. “When hackers are going to come—and they will come—they will succeed in breaking your door down.”
The real question “in the next 10 years of our evolution is going to be: what do they get to when they get in?” Nigam said. The cybersecurity model needs to change in the business world to prevent hackers from having free run of a corporation's data when they gain access, he stated. As it becomes increasingly difficult, if not impossible, to keep hackers out, companies must create internal barriers to protect data from attacks, he said.
Christopher Boyer, AT&T Inc. assistant vice president, global public policy, agreed. For the last five years and going forward, a major focus has been moving data away from the edges—the perimeter—of a website and into more distributed security, he said. By housing data in virtual containers in the cloud with security around each container, “instead of having a big wall that when you get in you have access to all the different assets behind the wall, you now have a wall around each one of the individual asset sets,” Boyer said. If a hacker gains access, this makes it much easier to quarantine different containers, he added.
Stoner discussed ways to make hacking less profitable. The future of payment systems is among the most important security topics, she said.
In addition to mobile payment technology, Stoner pointed to the adoption of chip-and-PIN payment cards. Chip-and-PIN credit cards require customers to input a personal identification number at the checkout line—as most debit cards do already—rather than requiring a signature.
Stoner cited a 2013 Federal Reserve study that found chip-and-PIN transactions were 700 percent more secure than the more common chip-and-signature cards used in the U.S. today. While chip-and-PIN cards don't prevent hackers from accessing customer data, they make it harder for thieves to use any stolen information. Eighty countries using chip-and-PIN technology have seen a reduction in fraud, Stoner said.
To contact the reporter on this story: Robert A. Gottfried in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Donald G. Aplin at email@example.com