Faulty Site Redesign Leads Tower to Settle With Regulators
30th April, 2004
As Internet security threats multiply, redesigns of e-commerce sites can introduce a lot more than a sleek new user interface. Tower Records recently settled charges with the U.S. Federal Trade Commission, which sued the company last year after a redesign of its online music store introduced security holes that exposed customers' personal information.
The Tower case marked the FTC's fourth case targeting companies that exposed sensitive customer data through security gaffes, with previous cases producing consent agreements with Microsoft, Guess and Eli Lilly. The FTC scrutiny comes as corporate IT are facing pressure to bring their IT security into compliance with a bevy of government regulations. They include:
- A new California law obligates e-commerce providers to disclose any compromise of customer data.
- Updated regulations from the Basel Committee on Banking Supervision will require UK financial institutions to produce exact details of any security breaches.
- The Sarbanes-Oxley Act of 2002 (SarbOx), an accounting oversight and corporate governance law with broad technology impacts, which requires stronger internal IT controls for financial data, with CEOs ultimately accountable.
- The Health Insurance Portability and Accountability Act (HIPAA), which applies stringent secuurity standards for the handling of medical records, and stiff fines for companies that suffer lapses that expose private data.
Netcraft offers a range of advanced security services, including The Netcraft Network Examination, an automated vulnerability test of Internet-connected networks which checks for new security vulnerabilities and configuration errors caused by system and network maintenance.