Mandatory Data Breach Notification Law
As foreshadowed in my earlier blog post, PCI DSS 3.2 was published at the end of April.
A summary of changes can be found at PCI DSS 3.2 Summary of Changes.
All updated documents including new SAQs are available for download from the PCI SSC Document Library.
PCI DSS v3.1 will remain valid until October 31 2016, after which it will be retired. All PCI DSS assessments from November 2016 must be to PCI DSS v3.2.
Service Providers are advised that there are some updates in PCI DSS 3.2 that will require changes to existing processes in order to remain compliant.
I encourage you to discuss the implications of the changes to PCI DSS with your QSA.
For further details, please call us on 1800 816 044.