Off-site Data Protection - Statutory Obligations

Statutory Obligations

Data protection statutes applying to the commercial IT arena are usually non-prescriptive about how data is to be protected, but they increasingly require that data be actively protected. United States Federal entities have specific requirements defined by the U.S. National Institute of Standards and Technology (NIST). NIST documentation can be obtained at http://csrc.nist.gov/publications/PubsSPs.html, and commercial organizations have the option of using these documents as the basis for their own compliance requirements.

  • History - today's regulatory requirements started with the "Rainbow" Series. Every organization has used these standards to develop its own version of compliance. Don't get wrapped around the NIC on compliance: use "Due Care", apply "Due Diligence", and build your infrastructure with security as the foundation.

Statutes which mandate the protection of data are:

  • Federal Information Systems Management Act (FISMA)
  • Federal Information System Controls Audit Manual (FISCAM)
  • Health Insurance Portability and Accountability Act
  • Sarbanes-Oxley (SOX)
  • Basel II
  • Gramm-Leach-Bliley (GLBA)
  • Data Protection Act 1998
  • Foreign Corrupt Practices Act of 1977 (FCPA)
