The Payment Card Industry Security Standards Counsel has established a set of data compliance standards that all retailers should follow.

FORBES: Securing Customer Data: The Right Thing Is The Smart Thing

To gird against this, the major credit-card companies in 2006 formed an industry group called the Payment Card Industry Security Standards Council, which establishes minimum technical protections for businesses that accept credit cards.

WSJ: Hackers New Target: Small Firms With Lax Security

Compare policies to various compliance regimes such as PCI DSS (Payment Card Industry Data Security Standard) and generate reports for audits.

FORBES: Reduce Policy Complications to Enhance Security

And, in the payments industry, self-policing is in place through the PCI-DSS (Payment Card Industry Data Security Standard) which, while not a federal law, has become law in some states.

FORBES: The Epsilon Hack Attack: Time For "SOX For Consumers"?