Security Laws

Introduction

As the government places an increasing number of compliance requirements on businesses, IT departments are struggling to keep pace with the increased workload. A study conducted in 2006 by technology research firm Gartner Inc. estimated that 10 to 15 percent of that year's corporate IT budgets would be spent on financial compliance management. According to Gartner Inc., professional services focused on consulting, audits, process management/workflow, documentation and planning are responsible for most compliance expenses.

Network Compliance

The term network compliance is a broad one, and can have many meanings. The word compliance means “the state or act of conforming with or agreeing to do something, often in response to legislation, rules or regulations or court order.” Complying with all the rules, laws and orders in effect in the U.S. and other jurisdictions can be a tall order. Within the industry, the term is usually used to refer to one of the following:

Compliance with copyright laws in regard to software and other intellectual property.

Compliance with IT security and privacy regulations governing specific industries.

The Sarbanes-Oxley Act of 2002

Enacted in response to a series of high-profile financial scandals, the Sarbanes-Oxley Act (SOX) is designed to protect shareholders and the general public from enterprise accounting errors and fraudulent practices. The act is administered by the SEC (Securities and Exchange Commission), which sets deadlines for compliance and publishes rules on requirements. Sarbanes-Oxley is not a set of business practices and does not specify how a business should store records. Instead, it defines which records are to be stored and for how long. Sarbanes-Oxley is all about ensuring that internal controls or rules are in place to govern the creation and documentation of information in financial statements. Since IT systems are used to generate, change, house and transport that data, IT departments have to build the controls that ensure that SOX information stands up to audit scrutiny.

The Health Insurance Portability and Accountability Act of 1996

Created to establish standardized mechanisms for EDI (electronic data interchange), security and confidentiality of all health care-related data, the Health Insurance Portability and Accountability Act (HIPAA) features two distinct sections. HIPAA Title I deals with protecting health insurance coverage for people who lose or change jobs. HIPAA Title II includes an administrative simplification section that concerns the standardization of health care-related information systems. To organize and protect medical records, IT departments need to invest in and operate an array of technologies, including EMR (electronic medical record) solutions, firewalls, remote monitoring systems, intrusion-detection technologies, auditing software and encryption programs.

The Gramm-Leach-Bliley Act of 1999

The Gramm-Leach-Bliley Act (GLB Act), also known as the Financial Modernization Act, is a federal law designed to control the ways financial institutions deal with consumers' private information. As with other privacy-related mandates, affected IT departments need to spend heavily on data-protection technologies. Enterprises and their IT departments should look for compliance solutions that simultaneously satisfy multiple regulations covering several business units. At the same time, IT managers and their bosses should adhere to a sensible strategy when deciding on ...