It seems data security is becoming a big part of the projects I work on. Identity theft has demanded increased security measures for the storage and transportation of personally identifiable information (PII). PII can include name, country, street address, e-mail address, credit card number, Social Security number, government ID number, IP address, or any unique identifier. The American Institute of Certified Public Accountants (AIPCA) and Canadian Institute of Chartered Accountants (CICA) have created an extensive privacy framework that a lot of companies are adopting. The Payment Card Industry has also created a Data Security Standard based of requirements developed by VISA, MasterCard, American Express, Discover and JCB. These standards and requirements affect e-commerce, travel, authentication, human resources, medical, and other similar applications on web sites, intranets, extranets, other client server and legacy systems.

If your current, or next project collects and processes PII data, do yourself a favor and find out the requirements and necessary steps to meet them. Many of these requirements are fairly new and changing. Clients may not event know them, but if something happens and losses occur, as creator, or administrator of the application you could be liable.