9.5. Regulating Privacy and Security
An organization's security management policies don't exist in a vacuum. Regulatory and governmental agencies are key components of a security management policy. These agencies have made large improvements over the last several years to ensure the privacy of information; several laws have been passed to help ensure that information isn't disclosed to unauthorized parties. The following sections provide a brief overview of a few of these regulations. As a security professional, you must stay current with these laws because you're one of the primary agents to ensure compliance.
In addition to the federal laws, most states have laws on computer crime as well. Check http://nsi.org/Library/Compsec/computerlaw/statelaws.html ...