ASC X9 Developing New U.S. Standard for Data Protection and Security Breach Notifications
Posted by Ambria Frazier
Subject Matter Experts Sought for Initiative
ANNAPOLIS, Md. – Feb. 6, 2018 — Today the Accredited Standards Committee X9 Inc. (X9) announced the launch of a new initiative to create a standard protecting personal and financial data. The X9.141 Financial and Personal Data Protection and Breach Notification Standard will provide management and security requirements within a common framework to protect this data and to detect, respond to and mitigate data breaches.
Data breaches continue to put millions of consumers at risk. Protecting customer information is a responsibility shared by all parties involved, yet efforts are sometimes hampered by the current inconsistent patchwork of state, federal and international laws and regulations. Comprehensive data protection and consumer notification legislation has been advocated by multiple financial organizations; this initiative will support that effort.
“Having a standard that, without being prescriptive, would allow companies to achieve a level of protection, and additionally allow other companies and regulators to understand and be able to trust that level of protection based on a third-party assessment or other mechanisms, would increase overall data security, while reducing costs throughout the industry,” said Richard Borden, editor for the X9.141 project and Chief Privacy Officer at White and Williams LLP.
This new standard will be designed so that all entities that transfer, process or store financial data (including customer personally identifiable information) are required to:
- Identify, classify and protect this sensitive data to preserve its confidentiality, availability and integrity using consistent, standard security requirements developed in an open consensus environment
- Implement standard measures to detect, respond to and mitigate data breaches
- Provide uniform notification requirements for use when breaches occur
The standard will focus primarily on information security within the financial services industry, but may prove applicable to any industry that needs to protect sensitive data. X9 will also explore accreditation and certification opportunities. Professionals from relevant organizations such as financial institutions, credit bureaus, product manufacturers, government agencies, university research departments and application developers are invited to be part of the initiative.
“X9 has assembled a great team, but we are always looking for more experts,” said Jeff Stapleton, chair of the X9F4 working group within the X9F Data & Security subcommittee.
For more information about participating, those interested are invited to get in touch with ASC X9.
About the Accredited Standards Committee X9 Inc.
The Accredited Standards Committee X9 Inc. is a non-profit organization accredited by the American National Standards Institute (ANSI) to develop both domestic and international standards for the financial services industry. X9 has over 100 member companies and over 400 company representatives that work to develop and maintain approximately 100 domestic standards and 58 international standards.
The subjects of X9’s standards include: retail and mobile payments; printing, imaging and processing of checks; corporate treasury functions; distributive ledger technology; processing of legal orders issued to financial institutions; tracking of financial transactions and instruments; tokenization of data; protection of financial data at rest and in motion; data breaches; electronic contracts; and remittance data in business payments. X9 also performs the secretariat function and provides the committee chair for ISO TC 68, which produces international standards for the global financial services industry. For more information about X9 and its work, visit www.x9.org.
For further information:
+1 (781) 883-3793