Three Ways To Prepare For The IT Impact Of New Privacy Laws - InformationWeek

Three Ways To Prepare For The IT Impact Of New Privacy Laws

In the wake of numerous high-profile customer-data breaches, companies that haven't previously been subject to information security and privacy regulation should expect new regulations to mirror elements from existing laws. For businesses that want to start planning now, there's no need to wait for implementation instructions on how to secure consumer data.

Plan For The Obvious
Companies that haven't previously been subject to information security and privacy regulation should expect new regulations to mirror elements from existing laws: Put someone in charge, analyze vulnerabilities, make a plan, implement policies and procedures that address technology as well as business processes, train, monitor your service providers, and circle back to evaluate and adjust your program on an ongoing basis.

These common and common-sense requirements appear in existing data-security regulations for companies subject to the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, and, north of the border, the Canadian Personal Information Protection and Electronic Documents Act.

Businesses will have to be reasonably certain their service providers live up to the same standards. A company must wisely choose and monitor its service providers and cannot evade privacy liability by outsourcing. Even while Congress has been considering new regulations to control outsourcing, existing laws already require companies to police their service providers by building privacy provisions into contracts and monitoring vendor performance.

Some companies pondering the future of regulation may be unaware that a mandate of reasonable security already applies to them today. If a company is engaging in business-to-consumer transactions, it is regulated. Under the basic consumer-protection principles of Unfair and Deceptive Acts and Practices laws, the Federal Trade Commission and state attorneys general already have established a data-security-enforcement history involving organizations that include the ACLU, Alta Vista, Barnes & Noble, Eli Lilly, Guess, Microsoft, Sony/InfoBeat, Tower Records, Victoria's Secret, Ziff Davis Media, and many others.

These cases targeted online practices, but the rules are the same in all data channels. Be assured that consumer-protection agencies are taking a hard look at offline and business-to-business transactions that expose consumer data. And take note, "consumer data" means more than hot-button data such as Social Security numbers, credit-card numbers, and medical data. It includes names, addresses, phone numbers, and Global Positioning System data.
