Due to financial implications caused by several recent high-profile data leakage incidents,enterprises are facing increasing pressure for implementation of stringent norms pertaining to governance and compliance reporting. Today, adhering to governmental and contractual compliance requirements is required not only to continue the business, but also generate value. Failure to protect the organizations’ assets, especially critical data, may attract heavy penalties and often result in disciplinary action by the regulator.
Compliance and Government Regulations* :
•The Information Technology Rules, 2011 (four sets of rules have been introduced under the Information Technology Act, 2000) by the Indian Government addressing the industry’s concerns on data protection, creating a mandate for data protection and actions on cybercrime. Sensitive personal information of consumers, held in digital environment, is required to be protected through reasonable security practices by corporates. Moreover, the Act makes it mandatory
for the organization to protect data under contracts. There is a defined penalty for breach of confidentiality and privacy.
(Read more: Changing Landscape of IT Security.How should a CISO prepare for the battle?)
• The Reserve Bank of India’s guidelines on usage of information security to safeguard financial data have come into force in 2012, and swift implementation has been witnessed due to its fast-approaching deadline. Implementation of best practices is another reason behind the thought for investment in data security.
• Financial institutions came under SoX (Sarbanes-Oxley) and GLBA (Gramm-Leach-Bliley Act) and were scrutinized for their consistency and adherence to the norms. This mandates them to adhere to the regulation and implement data security.
• Healthcare facilities like hospitals and pharmaceutical houses are regulated by HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health) Act that mandate the use of security and privacy safeguards.Protected Health Information breach reporting has been a major move toward ensuring compliance and identifying incidents and breaches.
(Read more: 5 Best Practices to secure your Big Data Implementation)
**Not intended to be legal advice. Please consult a/your attorney for legal advice.
Click here for detailed findings -Presented by Frost & Sullivan in Association with Websense.
More: Join the community of 1400+ Chief Information Security Officers. Click here
Comments