Statutory Obligations
Data protection statutes in the commercial IT arena are usually non-prescriptive about how data is to be protected, but they increasingly require that data be actively protected. United States federal entities have specific requirements defined by the U.S. National Institute of Standards and Technology (NIST). NIST publications can be obtained at http://csrc.nist.gov/publications/PubsSPs.html, and commercial organizations have the option of using these documents as the basis for their own compliance requirements.
- History: today's regulatory requirements trace back to the "Rainbow" Series. Every organization has used these standards to develop its own version of compliance. Don't get wrapped around the NIC on compliance: exercise "due care", apply "due diligence", and build your infrastructure with security as the foundation.
Statutes which mandate the protection of data are:
- Federal Information Systems Management Act (FISMA)
- Federal Information System Controls Audit Manual (FISCAM)
- Health Insurance Portability and Accountability Act
- Sarbanes-Oxley (SOX)
- Basel II
- Gramm-Leach-Bliley (GLBA)
- Data Protection Act 1998
- Foreign Corrupt Practices Act of 1977 (FCPA)