IAPP - International Association of Privacy Professionals - Carr gets to heart of it
Heartland Payment Systems CEO discusses breach, previews speech
Not a week had passed after the announcement of what some have described as the largest data breach ever, when the CEO of Heartland Payment Systems, Robert Carr, began calling for better industry cooperation and new efforts directed at preventing future breaches.
Recently, Carr announced that trials will begin late this summer on an end end-to-end encryption system Heartland is developing with technology partners. It is expected to be the first system of its kind in the U.S. The company is also pushing for an end-to-end encryption standard.
At the upcoming Practical Privacy Series in Silicon Valley, Carr will discuss the Heartland breach and the role industry, including privacy professionals, must play to prevent future breaches.
Here’s a preview:
IAPP: Many companies have experienced breaches. What made yours different?
Ours was different because we are a processor and had passed six years of PCI audits with no problems found. Yet, within days of the most recent audit, the damage had begun.
IAPP: Did you have a chief privacy office or a privacy professional on staff before your breach? Do you now?
Ironically, when we learned of the Hannaford’s breach, we hired a Chief Security Officer who started just three weeks before the breach began.
IAPP: In the era of mandatory breach reporting, what is the trajectory of consumer reaction?
As a processor it is difficult to really know this. Our customers are merchants who accept card payments.
IAPP: Do you think consumers will become numb to breach notices?
I believe that many are numb to so many intrusion notices.
IAPP: Are breach notices good public policy? Do the notices provide an incentive for companies to change or improve practices?
I don’t think so. Nobody wants to get breached and the damage caused by a breach is sufficient reason for most of us to do everything we can to prevent them.
IAPP: What has Heartland done differently since the breach?
We have added multiple layers of additional security, helped form the Payment Processors Information Sharing Council and ramped up our timetable to deploy the industry’s first TRSM encryption processing network.
IAPP: You will deliver a keynote at the IAPP Practical Privacy Series event in California next month. Can you give us a preview of your remarks?
I am going to discuss our breach and what we have done and are doing to help others prevent breaches to their own systems.
Heartland Breach, Bob Carr
