Join Mandy Huth for an in-depth discussion in this video, "Legal: GDPR and other regulations," part of Security Matters (To Everyone).
(energetic music) - Information security protects the confidentiality, integrity, and availability of systems and data. What you may not know is that this comes into play in many of the regulations you see in today's industries. The first regulation I'd like to talk to you about is GDPR. GDPR's intended to protect the privacy of citizens in the European Union. The reason this comes into play for information security is because we have to find a way to protect data, both in transit and at rest.
The next regulation you may want to know about is PCI DSS. This stands for Payment Card Industry Data Security Standard. The intent of this regulation is to protect credit card information, both when you're processing it and when you store it. Information security comes into play because it involves IT processes on how we store our data. The Sarbanes-Oxley Act, or you may know it as SOX, is intended to protect the public and investors by increasing the accuracy of corporate disclosures.
The reason information security comes into play here is there are numerous audit requirements. Additionally, you want to remove any opportunity for conflict of interest. Many times your information security teams will be involved in cases of fraud. The Gramm-Leach-Bliley Act is intended to protect consumer data that is held by financial institutions. One tenet of this act is called the Safeguards Rule. It requires financial institutions to implement controls to protect the confidentiality and the integrity of private consumer information.
Please note that this list may not be comprehensive for your industry. Additionally, I'm no lawyer, (bell dings) so please don't consider this legal advice. You may notice whether it's privacy or security of systems and data, information security is a key contributor. So what should you do? Take the time to work with the different parts of your organization to understand your responsibilities. Talk to your risk officer. Talk to legal counsel. Talk to your information security team, even your IT teams, and you'll find your way.