WHICH COMPLIANCE REGULATIONS APPLY TO YOUR ORGANIZATION?
Dealing with the multitude of regulations across numerous industries is daunting for many organizations. In the US a company may be subject to the authority of one or several regulating bodies, including the Securities and Exchange Commission (SEC), the Federal Communications Commission (FCC), and the Federal Trade Commission (FTC). The industries most affected are the financial, retail and e-commerce, health insurance and services, other insurance institutions, banking, defense, utilities, and credit card issuers who have access to sensitive information. But the list also includes any organization that keeps sensitive information – for example, any organization that holds social security numbers; this encompasses most employers, government entities, and colleges and universities.
It is difficult to identify enterprises, especially global ones, that are not subject to local, regional, state, federal, or international regulations. HIPAA mandates affect health care insurers and practitioners, but there are also provisions that affect any employer that offers health insurance to its employees. In addition to formal laws and regulations, be aware of industry standards (such as financial accountability standards of Basel III and PCI DSS in the credit card industry). The bottom line is if an IT department is charged with protecting information to ensure confidentiality, integrity, reliability, or availability of information, the chances are there are numerous regulations that demand compliance.