In general, more regulation is a good thing. Regulation is what's given us life-improving innovations like the 8-hour workday, and the weekend. It's given us child labor laws, fair wages, cleaner air and water, and healthier food. There's no denying that regulation is, in general, a good thing—but will the GDPR specifically improve our lives, or could it stifle digital innovation?
The General Data Protection Regulation (GDPR) is coming, and every commentator says that it represents a huge upheaval in the world of information privacy. They say that, but there have been other occasions where the European Union's Information Commissioner Office has put out regulations that made barely a ripple. Worse, some proposals have been outright ludicrous, and had they been enacted, the foundations of the Internet might have crumbled.
In our ongoing series on compliance and security, we've covered the history of information security compliance, compliance regimes in general, and how to prepare for a SOX audit. Now, let's move on to the catchily-named NIST 800-53. This security standard covers all federal organizations, except for those under the purview of the defense agencies, and all non-governmental organizations that wish to work with the U.S. government.
SOX compliance, while similar in some respects to both HIPAA and PCI, represents one of the most rigorous compliance standards currently applied to US companies. It is rigorous because it has to be.
From time to time you have probably heard references to HIPAA compliance and certification in the context of the health care system. So, like me, you are probably wondering what it means and how it affects you and your medical providers.