Data Privacy, Security & Import/Export

Do you have a clear idea as to whether your organization complies with these statutes?

  • Sarbanes-Oxley Act
  • Gramm-Leach-Bliley Act
  • Health Insurance Privacy & Accountability Act
  • Federal Information Security Management Act
  • Electronic Communications Privacy Act
  • Right to Financial Privacy Act
  • California Database Security Breach Act
  • CAN-SPAM Act
  • Patriot Act
  • Children's Online Privacy Protection Act

How about the EU Directive on Privacy and Electronic Communications and the EU Directives on Data Protection and Telecommunications?

Those are hard questions for most organizations, big and small, and the predominant tendency is to ignore as many of these statutes as possible at almost all costs. So let's start with a more straightforward question: have you any idea as to which of these statutes and directives carry criminal penalties for violations?

How you do business, including IT operations and the collection, maintenance and use of employee information, customer information and vendor information, is affected in one way or another by these and many more statutes and regulations. Too frequently, companies publish privacy policies on their web sites without implementing an infrastructure within the organization to ensure that even their own published privacy policies (never mind applicable laws) are followed.

Moving past fundamental privacy issues to cross-border data transfer issues, many organizations today transmit data at warp speed around the globe, thereby potentially subjecting themselves to the laws of multiple jurisdictions and United States laws regarding import and export. To the amazement of many, data and programs that seem perfectly harmless require licenses to export out of the United States. Worse still, inviting a foreign national into the United States, even on a valid visa, to look at that same data within our borders is, as far as your United States government is concerned, the same as exporting the data to the foreigner's country.

Even though this description might momentarily frighten you, you will not, if you are like most people, call a lawyer or data security consultant to address the issues. But one day, when one of these issues jumps up and bites your organization, you will adopt an almost evangelical zeal about the need to look into these rules. Operators are standing by, awaiting your call.

 
