Data security regulations are becoming more prescriptive, and they are applicable to a wider range of organizations, including, in some cases, the suppliers of regulated companies. Enforcement efforts are growing stronger, and penalties will be more stringent. These are the trends that companies need to be on the look out for as the compliance environment evolves in the coming years, according to a report by The Security for Business Innovation Council, which is sponsored by RSA.

The main message in the report, "A New Era of Compliance: Raising the Bar for Organizations Worldwide," is that changes in the compliance environment will drive both greater risks and greater costs. The new era will see strengthened enforcement efforts, the spread of breach notification laws across the globe, more prescriptive regulations and increasing requirements with regard to business partners. The report warns that organizations will be involved in more litigation as business partners and customers sue to be compensated when data is compromised.

"Going forward it will be more difficult to hide informa­tion security failings wherever organizations do business: Legis­lators are forcing transparency through the introduction of breach notification laws in Eu­rope, Asia and North America as data breach disclosure be­comes a global principle," the report reads.

Even organizations not directly subject to data protection regulations will be affected because regulated companies are becoming increasingly responsible for their service providers.

One of the primary impacts of the new compliance era on business is that management will have to focus more on security, according to the report. Compliance costs will grow, as will the consequences of a data breach. The report offers seven recommendations for addressing compliance in the evolving environment.

For more:
- see "A New Era of Compliance: Raising the Bar for Organizations Worldwide" report

Related Articles:
RSA study: More IT decisions are influenced by users
Data breach laws, e-discovery increase compliance duties
Making security legally defensible
At GE, IT and legal pros team up to tackle privacy