Legislation and regulation that is relevant to North American organizations includes:
• The Sarbanes-Oxley Act, primarily a corporate governance act but with significant regulatory implications – see chapter 3, below
• Basel 2, which primarily affects banks and major financial institutions and has extensive IT compliance implications – see chapter 4, below
• California Senate Bill 1386, which requires notification of breaches of personal data security, and a host of similar state-level laws – see page 19, below
• Online personal privacy legislation, including the California Online Privacy Protection Act 2004 (‘OPPA’), which requires websites serving Californians (irrespective of their geographic or jurisdictional ...