Chapter 3. Governance, Risk, and Compliance
In This Chapter
Protecting information to comply with the rules
Getting to know the regulations
Proving compliance to yourself
Proving compliance to an auditor
Otto von Bismarck, the nineteenth-century German chancellor, is famous for purportedly saying:
Laws are like sausages. The less you know about how they are made, the more respect you have for them.
Well, sometimes you need to know more than you might want to. This chapter is where the beef hits the band saw.
Protecting Your Data — or Else
Organizations of all shapes and sizes must be mindful of a plethora of government laws and industry regulations — which tend to bring on new breach-notification laws.
Besides laws such as HIPAA, GLBA, and Sarbanes-Oxley in the U.S., the majority of digital-aware countries in the world have similar — and numerous — data-protection laws. Not least of these are the Data Protection Directive 1995 — E.U. and the Data Protection Act 1998 — U.K. These are good news for the likes of you and me; they require companies to look after our data. Of course, as we all know (especially from recurrent news articles on this theme), this protection doesn't always go as planned. Anyway, back to regulations.
Article 17 of the Data Protection Directive 1995 — E.U. states:
Member States shall provide that the controller must implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, ...
Get Data Leaks For Dummies® now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
