One Small Step for PCI; One Giant Leap for Protecting Your Information
Tuesday, August 7th, 2007 at 5:35 pm by Carl Banzhof
Since my last post on PCI legislation, an exciting development has emerged.
On Monday, Computerworld reported some exciting statistics regarding adoption rates of the PCI DSS among Level I and Level II merchants. According to VISA, 96% of the largest organizations that accept debit and credit cards have stopped storing magnetic stripe information in their systems.
This move validates the overall heightened awareness of loss of personal information witnessed by consumers, as well as by those organizations responsible for collecting and storing this information. What’s the clear message in all of this? Steps must be taken to protect the data that customers trust merchants with, or else merchants end up as another poster child for data loss. Can you say TJX?
A couple of weeks ago, I spoke at a CIO event in Los Angeles and my presentation included data loss. While doing research for this presentation I looked up the latest statistics for data loss at attrition.org. It blew me away to discover that in June and July of this year more than 5.5 million pieces of PII (Personally Identifiable Information) were lost!
While VISA and the PCI Gang are making great strides at getting organizations closer to compliance, can they move fast enough? Is the PCI standard stringent enough to help reduce this onslaught of information loss? If my two-month statistics are any indicator, it would seem the answer is that there is more work to be done. However, my gut instinct says that PCI is a great step towards good security protocol at every organization regardless of merchant status and will continue to pay benefits in the long run.
- Posted in CSO / Risk Management
I couldn’t agree with you more that PCI is a great stride in the right direction for data protection.
I read a stat the other day that there is currently ~800MB of personal data stored in electronic form for every person in the world. It’s hard to imagine in how many locations this data is being stored and how (if) it is being protected.