Data Security Trends Part 1: Regulation and Compliance, A Driving Force

Regulation and compliance have had, and continue to, significantly impact data security trends and IT behavior. The following are some of the most instrumental policies and their influence on security operations.

Directive 95/46/EC (“Data Protection Directive”)
At a European level, sets up a regulatory framework and strict limits on the collection and use of personal data in an effort to strike a balance between a high level of protection for the privacy of individuals and the free movement of personal data within the European Union (EU).

PCI Payment Card Industry Compliance
PCI regulations went into effect in 2005. By design, the compliance regulation protects vendors, employers, employees, and consumers from unprotected network systems that result in loss of personal data and revenue.

BASEL II
Basel II, initially published in June 2004, includes recommendations on banking laws and regulations issued by the Basel Committee on Banking Supervision (BCBS). In the simplest terms, the greater risk to which the bank is exposed, the greater the amount of capital the bank needs to hold to safeguard its overall financial stability and economic soundness.

Health Insurance Portability and Accountability Act (HIPPA)
HIPAA seeks to establish standardized mechanisms for electronic data interchange (EDI), security, and confidentiality of all healthcare-related data.

Hague Conference
Preliminary Document No 7 of April 2000, “Electronic Data Interchange, Internet and Electronic Commerce”, acknowledged the groundbreaking work of a number of international organizations with regard to the protection of privacy in connection with trans-boundary data flows and suggested some avenues for future Hague Conference work.

This blog entry is the first in a five part series about data security trends of the past decade. Stay tuned for "Part 2: De-Perimeterization, The Walls Come Tumbling Down".