The trend towards more stringent industry and government regulations that mandate stricter privacy policies and larger fines on enterprises around data loss prevention and data breach notification requirements creates a constant data security compliance battle for enterprises. GLBA, HIPAA, HITECH, FINRA, PCI, FERPA, FACTA, EU Data Privacy Act, and others have become part of the common lexicon used among information technology, enterprise data security and risk management professionals. Even state governments are starting to get more active and prescriptive about data privacy and examples can be found in California SB 24, Massachusetts CMR 17, and Nevada SB 227 to name a few examples in US. Compliance becomes even more convoluted and difficult in these situations when enterprises have global business centers operating from multiple locations, or even business operations across different states within the same country, that are governed by multiple laws and regulations.
With non-compliance implications that can