The X9F4 Cryptographic Protocols and Application Security workgroup has begun developing a new standard, X9.141, Financial and Personal Data Protection and Breach Notification. Data security breaches continue to put millions of consumers at risk. Protecting consumer information is a shared responsibility of all parties involved. Comprehensive data protection and consumer notification legislation has been advocated by multiple financial organizations. The purpose of this project is to support and inform this effort.

It is critical to move forward in developing a strong U.S. national data security and breach notification standard to improve the security of the U.S. payment system, to better protect consumers and other stakeholders, and to address the gaps created by the current inconsistent patchwork of state laws. This standard is intended to ensure that all entities that handle sensitive financial data and PII have in place a robust process to protect this data and prevent breaches from happening. This standard should apply to all organizations that handle sensitive payment information, and it would provide a consistent breach notification process to protect consumers and other stakeholders nationwide.
This announcement is being made so that those who would like to work on developing this standard will have the opportunity to do so. The workgroup is also looking for a technical editor for this standard. If you are not currently involved in the X9F4 workgroup and are interested in participating or would like to volunteer as the technical editor, please contact us.