Evaluation Of Data Protection Measures


Federal Information Processing Standards (FIPS) defines data protection as "The protection of data from unauthorized alteration, damage, or disclosure." With industries and organizations relying so heavily on IT, data protection has become the standout concern, because damage to or modification of information can lead to unbearable business loss (Sanders, 2006). In many cases, data disclosure results in the leak of highly private information. Providing IT security is much more difficult than providing physical security, because virtual security involves many technicalities and complexities: different levels of security are required at different layers of the same system (Simons, 2009). As a result, various state and federal legislation, standards, and policies pertaining to data protection have been put in place to provide proper data protection measures.


Standards and Policies Pertaining To Data Protection

Some of the main state and federal acts and policies put in place to strengthen information security and to deter illegal activity are: the Sarbanes-Oxley Act (SOX), the Data Protection Act, the Federal Information Security Management Act (FISMA), the California Security Breach (SB) Information Act, Massachusetts 201 CMR 17.00, and the Computer Misuse Act.

Sarbanes-Oxley Act (SOX)

The Sarbanes-Oxley Act was passed in 2002 in the US. It is commonly known as SOX, and it goes by different names in the Senate and the House. The law applies to all public company boards, management, and public accounting organizations (Kuschnik, 2008). The act came about as a result of a number of intense accounting scandals at leading companies. It sets out various corporate responsibilities and imposes criminal penalties on culprits inside or outside the firm. The key issues the act addresses are: auditor independence, corporate right, assessment of internal control, and improved financial information.

Data Protection Act

The Data Protection Act was passed in 1998 in the United Kingdom, but it is adopted in the US as well. The act provides for the protection of personal data. It is considered a useful means of balancing the rights of individuals against those of parties who have lawful reasons to use personal information (Leigh-Pollitt, et al. 2001). The act provides equal rights to the data controllers and the data operators (data subjects). The DPA sets out a list of eight principles with which firms must comply.

Federal Information Security Management Act (FISMA)

FISMA was passed in 2002 as US federal law. The act was put forward because the US government recognized the importance of information security to economic and national interests. To provide this information security, the act requires each federal agency to develop and put in place an agency-wide program for its information systems. FISMA has been cited as a measure to provide cost-effective security (Howard, 2011). The act involves additional departments that operate actions for the purpose of annual review of information security plan of ...