In the U.S., that means taking a federal-first approach: conforming to the highest security requirements of the United States federal government. To minimize complexity and maintain compliance, many organizations are taking a “highest bar” approach-conforming to the toughest relevant standards knowing that any lesser requirements will then also be covered, and that their cyber defenses will be as strong as possible. Some of these new measures are sector-specific, others apply more broadly, and all of them add to existing privacy and data protection regimes such as the Health Insurance Portability and Accountability Act (HIPAA) for healthcare, the Gramm-Leach-Bliley Act (GLBA) for financial services, and the European Union’s General Data Protection Regulation (GDPR), which covers any business with employees or customers in the EU. Intensifying cyberattacks and heightened awareness of the risks they pose is driving the creation of new cybersecurity laws around the world, including in the U.S.
0 kommentar(er)
