I send you greetings from the UK. At least I think that’s where I am! With just 24 hours at home between the RSA Conference in San Francisco and InfoSecurity Europe in London, I’m not sure what time zone I’m in -- PST, EST, GMT! All kidding aside, yesterday’s InfoSecurity Europe 2009 kickoff was great. Whilst (that’s how they say it here) the conference is not as big as RSA, there’s a lot more glitz and glamour in the exhibition hall - game shows, in-booth bars and any number of costumed people to get folks to stop by their booths.
I presented “How to Reduce the Scope of PCI DSS Audits by Tokenising
Payment Card Data”, with a special focus on trans-border privacy
(that’s privacy with the “i” as in “if”, not “eye”)!
Given there are many more privacy laws in Europe about sending consumer or employee data across country borders, even within the same company, the use of tokens rather than encrypted sensitive data is another great advantage for the use of a tokenization (or tokenisation) solution. Passing tokens instead of production data for testing, also called data masking, would make life easier for many IT and security people.
Do you have examples where tokenization will help you with privacy or data protection mandates?
More to follow in the coming days.
Cheers,
Gary
