IT Governance, Risk, and Compliance

Feb 23 2009   9:26PM GMT

Legal Compliance Alignment – Part IV
Posted by: Robert Davis
FCPA, Foreign Corrupt Practices Act, GLBA, Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act, HIPAA, IAP, Information Asset Protection, Information Security Governance, Information Security Management, ISG, ISM, Sarbanes Oxley Act, SOA, SOX

When exploring links between national and international arenas, the information security manager will discover that international developments decisively influence national laws. Specifically, regional coalitions have enacted IAP-related edicts that were subsequently codified in national laws and regulations. Procedurally, most regional coalition IAP decrees are presented as directives to member nations for federal ratification. For this reason, it is strongly recommended that information security managers, with the assistance of legal counsel, evaluate all relevant statutory and regulatory mandates in every jurisdiction where the entity operates. Beneficially, assessing multiple legal compliance requirements enables entity-centric standard practices that also satisfy other expected behavior. Exercises in legal due care can also equip an entity to build a compliance culture where standardization is the norm, and may produce an environment conducive to training employees in IAP.

Predictably, laws will continue to be enacted and the regulatory environment will become more complex as unacceptable conduct is remediated through legislation. Consequently, entities will continue to be compelled to demonstrate compliance with legal mandates – especially laws governing data retention and privacy – that can differ by hemisphere, country, province, county, and city, as well as by industry. In this increasingly complex regulatory environment, most entities should balance their focus on compliance imperatives without diminishing the expected quality of their responses to governmental edicts.
