Jeff's InfoSec Blog

Thoughts about information security, privacy, and regulatory compliance. Brought to you by Jeff Newfeld, the product unit manager for security solutions in Microsoft's Core Infrastructure Solutions group.

Credit Bureaus adopt data protection standard... so what?

Credit Bureaus adopt data protection standard... so what?

  • Comments 24
  • Likes

So the three big credit bureaus are adopting a single data encryption standard to "further assure the protection of sensitive consumer data when transmitted between data furnishers and credit reporting companies" (link).  Great. 

Except that data encryption isn't the problem.  All of the widely publicized recent attacks have been either from insiders, or from organizations that were customers.  Such attackers already have access to the data.

The answer isn't going to be that easy.  It is going to require some type of rights management that ties the data to the consumer, the usage and the time that it is valid. 

The real message here is that this isn't for consumer protection at all.  It is to make life easier for the purchasers of credit reporting data, who today have to deal with different schemes from each of the big three.  Maybe there is some benefit here for the consumer, but it isn't immediately obvious.

Comments
Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment