FTC Seeks Insight into Role of Data Security Compliance Auditing in Consumer Privacy
Nine auditing and security firms, including FireEye's Mandiant, PwC and Verizon Enterprise Solutions, were ordered by the FTC to provide information "on how they conduct assessments of companies to measure their compliance with" payment card industry data security standards (PCI DSS), the commission said in a Monday news release. Commissioners, who voted 4-0 to issue the orders, are seeking a better understanding of data security compliance auditing and how it protects consumer privacy. The FTC said it's compiling a study of the auditors and their policies, practices and procedures such as interactions with companies, sample PCI DSS assessments and additional services provided such as forensic audits. The commission said major payment card-issuing companies require PCI DSS audits of businesses that process more than 1 million card transactions annually to ensure companies are adequately protecting personal consumer data. The other companies receiving the FTC orders are Freed Maxick CPAs, Foresite MSP, GuidePoint Security, NDB, SecurityMetrics, and Sword and Shield Enterprise Security.