The challenges are twofold. The first is awareness. “When I talk to one of my clients, they say, ‘Law? What law?’” he said. The second is the requirement for a written information security plan (WISP). “Ninety percent of the clients I deal with on this law do not have a WISP.” The law was written in response to the theft of information on more than 45 million credit card accounts from TJX Companies in 2007. Hacker Albert Gonzalez pleaded guilty to the theft in August 2009.

Hmmm ...