Businesses must always be vigilant about data security and privacy, particularly in the global information-based economy.  The need for security and privacy has never before been more apparent, with a new incident occurring practically every day. Businesses are dependent upon information technology (IT), not only to be successful in business, but also to be successful in protecting and controlling electronic data.

The risks that are an inherent part of IT make it necessary for IT leaders and IT personnel to know the data protection laws and regulations more than ever before. It is with this knowledge that they can incorporate information security and privacy within all the IT processes, throughout the entire systems development life cycle (SDLC). 

There are many commonalities between the regulatory, contractual and policy requirements for protecting data.  By realizing these commonalities IT can more successfully address compliance in a unified manner throughout the enterprise, and not try to address compliance issues in a piecemeal manner (which is typical but leads to significant compliance gaps). 

I discuss these issues, the IT issues within a wide range of U.S. and international laws and regulations, and clearly list the IT requirements to demonstrate the commonalities, in a new article I posted on my site, "What IT Needs to Know About Compliance."

Technorati Tags
information security
IT compliance
corporate governance
awareness and training
regulatory enforcement
privacy

This entry was posted on Thursday, June 8th, 2006 at 2:57 pm and is filed under Privacy and Compliance. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.