In an article for the Institute for Critical Infrastructure Technology, Kirk Nahra explains what security professionals need to know about privacy law.
Excerpt: Security existed as a business norm long before it became a legal and compliance requirement. Doctors' offices locked their doors at night to ensure no one could access their records. Stores took precautions when they walked the daily cash receipts to the bank. Now, it is enormously more complicated to guarantee data security, which is the physical and technological protection of both personal data and sensitive proprietary information. Appropriate best practices and legal requirements are growing every day, across all industries, and around the world.
At the same time, in a somewhat parallel development that has slightly preceded data security as a legal obligation, companies all over the world now need to make sure they are following appropriate practices relating to how personal information is collected, used, and disclosed. This growing range of privacy obligations should be understood generally by information security professionals, and an effective partnership with company privacy officials is critical to the appropriate protection of companies, their employees, their customers, and any other individuals whose data is being collected by these companies.