There are different ways of approaching digital security from a legislative point of view. Indeed, cybersecurity legal frameworks are usually composed of:
System protection includes provisions that aim at protecting Information Technology (IT) infrastructure. Relevant examples of this are the directives and recommendations directed at the 16 critical infrastructures designated as such by the Obama administration in the Executive Order 13636. As for proprietary information protection, it is often covered by intellectual property regimes and contractual agreements.
Data protection is widely addressed through the right to privacy, which entails significant restrictions on how personal information has to be stored by organizations.
Some industries are governed by general laws, such as PIPEDA, whereas highly regulated industries such as the financial and healthcare sectors have specific regulations.
For instance, American federal securities laws, and the Financial Industry Regulatory Authority (“FINRA”) rules require that business-related electronic records be kept in “write once, read many” (“WORM”) format, which prevents alteration or destruction. On December 21, 2016, FINRA sanctioned 12 firms based on this requirement, for a total fine of $14.4 million.
In this context, it is critical for executives and security professionals alike to understand their obligations in terms of information security under privacy regimes. We gathered a few resources to stay up to date on privacy and cybersecurity:
Want to know more and be updated on privacy matters in real-time? Follow these Twitter accounts:
@eloisegratton
@realdanstoller
@Privacy_Lynch
@DanielSolove
@Shawnetuma
Of course, you can add us on Twitter as well: @HitachiSysSecurity !
