Three Ways To Prepare For The IT Impact Of New Privacy Laws
In the wake of numerous high-profile customer-data breaches, companies that haven't previously been subject to information security and privacy regulation should expect new regulations to mirror elements from existing laws. For businesses that want to start planning now, there's no need to wait for implementation instructions on how to secure consumer data.
Decide What The Law Requires
Companies that already have implemented privacy-compliance measures know something that newer arrivals will need to understand: laws typically do not prescribe specific implementation measures. Instead, laws mandate that businesses take "reasonable" security measures and implement "appropriate" safeguards. In other words, a business probably already knows what it needs to know about compliance standards.
This deliberately vague standard is necessary. Otherwise, government would have to get in the business of prescribing technology-implementation details. Instead, laws leave the details to the parties most likely to understand security requirements as they evolve -- businesses themselves. But this lack of specificity means IT security professionals, not their corporate counsel, get the job of deciding what "reasonable" security looks like in technology terms.
Many in IT feel uncomfortable with an analog standard such as "reasonable measures." They can find reassurance, however, in the language of the laws listed earlier as well as a number of federal and state Unfair and Deceptive Acts and Practices enforcement cases. When the Federal Trade Commission took action last October against two mortgage brokers for violations of the Safeguards Rule under the Gramm-Leach-Bliley Act, one clear message the agency sent was: businesses must at least get started, mount a good-faith compliance effort that makes sense, and show that they're trying to cover the basics.
The IT community has the necessary expertise to define what reasonable security looks like. That's a good thing, because IT professionals face an even greater challenge -- how to persuade the rest of the company to adhere to reasonable security standards. Many of the privacy-breach reports that have hit the news this year demonstrate a failure of business processes, not information-security technology.