As discussed previously, organizations are faced with increased pressure from governments and public shareholders demanding protection of information systems, especially those concerned with the appropriate use of information, both personal and financial.
This has resulted in increased legal and regulatory compliance demands to ensure the proper use and protection of both corporate and personal information.
Several regulatory acts and pieces of legislation that mandate information systems security were covered in the previous sections. Organizations need to adhere to the frameworks and standards that apply to them; because these differ by region, an organization operating in several parts of the world faces several different legislative acts at once. Organizations operating globally are required to comply both locally and internationally in every country in which they operate or conduct business transactions.
Within the United States, organizations are faced with public prosecutors and regulators who are equipped with a growing range of legislation and penalties, including the following:
The U.S. Public Company Accounting Reform and Investor Protection Act of 2002 (Sarbanes-Oxley—SOX)
The Gramm-Leach-Bliley Financial Services Modernization Act of 1999 (GLBA)
The U.S. Health Insurance Portability and Accountability Act (HIPAA)
The European safe harbor regulations
California's Senate Bill 1386 (SB1386) and Online Privacy Protection Act (OPPA)
Within Europe, organizations are faced with prosecutors and regulators at both the national and European levels who are equipped with a growing range of legislation and penalties, including those available under local implementations of the following:
The EU Data Protection Directive of 1995
The EU Directive on Privacy and Electronic Communications 2002
European Human Rights Legislation
Freedom of Information Legislation
The Council of Europe's Convention on Cybercrime of 2001
Within the Asia-Pacific region, organizations are faced with a complex mix of local prosecutors and regulators who are equipped with a growing range of legislation and penalties, including those available under local data protection and privacy regulations.
In addition, the Asia-Pacific Economic Cooperation (APEC) forum's privacy framework of 2004 is similar to the EU requirements on privacy, although many countries within the region have not yet passed privacy protection laws. This increases the pressure on those organizations in the Asia-Pacific region who aim to compete globally to access Western capital and commercial markets. This is particularly important for outsourcing organizations, who can be subject to the governance and regulatory requirements of their American and European customers.
Note
The worldwide outlook on regulatory compliance and the summary of legislative acts above are compiled from Cisco documentation on regulatory compliance. For more details and the full text, refer to the following URLs:
http://www.cisco.com/en/US/netsol/ns625/networking_solutions_white_paper0900aecd80351e82.shtml
EMEA: Europe, Middle East and Africa
http://www.cisco.com/en/US/netsol/ns625/networking_solutions_white_paper0900aecd80351ea6.shtml
Asia Pacific
http://www.cisco.com/en/US/netsol/ns625/networking_solutions_white_paper0900aecd80351e9c.shtml