FTC Seeks Insight into Role of Data Security Compliance Auditing in Consumer Privacy
Nine auditing and security firms, including FireEye's Mandiant, PwC and Verizon Enterprise Solutions, were ordered by the FTC to provide information "on how they conduct assessments of companies to measure their compliance with" payment card industry data security standards (PCI…
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
DSS), the commission said in a Monday news release. Commissioners, who voted 4-0 to issue the orders, are seeking a better understanding of data security compliance auditing and how it protects consumer privacy. The FTC said it's compiling a study of the auditors and their policies, practices and procedures such as interactions with companies, sample PCI DSS assessments and additional services provided such as forensic audits. The commission said major payment card-issuing companies require PCI DSS audits of businesses that process more than 1 million card transactions annually to ensure companies are adequately protecting personal consumer data. The other companies receiving the FTC orders are Freed Maxick CPAs, Foresite MSP, GuidePoint Security, NDB, SecurityMetrics, and Sword and Shield Enterprise Security.