Privacy, security legislation coming in 2011 could affect enterprise IT


The regulatory and compliance landscape is always in flux, creating challenges in IT governance and risk management. The coming year presents the potential for stricter laws and regulations regarding privacy and security in the United States and Europe, CIOInsight's Samuel Greengard reports. Greengard presents 10 trends in the legal and legislative arena that CIOs should keep an eye on.

Analysts anticipate a national data breach notification law in the United States, in light of the 46 states that already have passed such laws. One potential candidate is The Data Accountability and Trust Act, which would require that companies with interstate business notify affected customers of breaches.

There will be rising liability issues surrounding social media and data carried via mobile devices, making data loss prevention tools increasingly critical. CIOs will also have to ensure that there are controls to protect how data is collected and used via location-based services, Greengard reports.

There also will be mounting pressures surrounding the controls for customer verification and business reporting requirements. In light of the Dodd-Frank Wall Street Reform and Consumer Protection Act, companies will reduce the variability in business reporting systems and will be encouraged to step up anti-money laundering and anti-terrorist initiatives. Boards of directors are likely to issue new directives on identifying and reporting risk.

For more:
- see Samuel Greengard's article at CIOInsight

Related Articles:
Data breach laws, e-discovery increase compliance duties
Survey: Most organizations don't delete data securely
Ponemon: Data breaches cost healthcare $6 billion a year
RSA report: Compliance risks, costs are on the rise