
Data Privacy Framework Solves the Puzzle of Compliance

Information Security Forum : 23 March, 2010  (New Product)
Research indicating that organisations face increasing challenges in solving the puzzle of data privacy legislation has prompted the ISF to issue a data privacy framework that takes some of the guesswork out of becoming compliant.

The absence of uniform global legislation, regulations or standards for data privacy is posing a major data privacy puzzle for organisations faced with protecting the confidentiality, integrity and availability of personal customer and employee information. This is the conclusion of the Information Security Forum (ISF) following a detailed research project that drew on the views and experiences of its members, some 300 of the world's leading companies and public sector bodies.

"While the changing regulatory climate has placed an increased focus on data privacy, compliance requirements can differ based on geography and industry sector," says Simone Seth, a senior ISF research consultant and author of the ISF's Solving the Data Privacy Puzzle report. "Some countries enact regulation at a federal or state level, while other regulations such as the UK Data Protection Act are based on legal requirements. In other cases, such as the PCI DSS for payment card protection, compliance is based on industry standards; and the problems are further compounded by the increase in third-party relationships and new Cloud-based computing."

Despite these anomalies and challenges, almost all data privacy compliance obligations, irrespective of jurisdiction or industry sector, are based on fundamental principles regarding the protection of personal information, says the ISF.

By ensuring that these principles are addressed using a structured and consistent approach, organisations are able to comply with their data privacy obligations and safeguard personal information. The ISF has defined a data privacy framework that focuses on four key areas to manage compliance obligations:

* Governance − structuring the data privacy strategy
* Policy − developing data privacy policy
* Technology − leveraging technology to safeguard personal information
* Business processes − assessing and managing data privacy risk

Too often, security controls are seen as the solution to privacy compliance obligations, potentially leaving organisations vulnerable to process and business related risks. Furthermore, blurred boundaries between the organisational functions of information security, compliance and privacy - where these exist separately - can make it more difficult to manage risk across the enterprise.

"The challenge to address the multiple elements of privacy compliance remains an urgent priority," says the ISF's Simone Seth. "Failure to comply with obligations may lead to fines, penalties, reputational damage and loss of customer confidence." The ISF Solving the Data Privacy Puzzle report is available to ISF members.