NIST Special Publication (SP) 800-53, Revision 5, Security and Privacy Controls for Information Systems and Organizations, represents a multi-year effort to develop the next generation of security and privacy controls needed to strengthen and support .

The protection of employee and consumer data has become a priority for companies and organizations, especially with the ever-increasing potential for liability due to the use of new technologies. The collection and management of data require a broad range of legal compliance activities. It is essential to prioritize and protect sensitive, confidential, and proprietary information. Data breaches or losses can have a substantial adverse effect on a company’s financials and reputation. This article discusses several privacy laws expected to guide organizations in the protection of their information assets, and the privacy rights of individuals, through compliance.

Humanity’s entrance into the Fourth Industrial Revolution has made exponential changes to how people relate with one another and with their technology. Data is easily uploaded and shared to other gadgets through high-speed Internet and Cloud storage. The increased use of these and other supply chain networks has also made files easier to access—and harder to protect.

Following the implementation of the European Union’s General Data Protection Regulation (GDPR) earlier this year, privacy and security regulations are taking the worldby storm. The California Consumer Privacy Act, petitioned and signed June 2018, will be put into effect on January 1, 2020. Despite its smaller geographical scope, the law will have significant effect on many businesses.

The European Union’s General Data Protection Regulation’s (GDPR) came into effect on 25 May 2018. The GDPR law has triggered several immediate changes. The new regulation safeguards security and privacy rights for users. GDPR has forced companies to change their practices on data gathering and processing in many ways.

The 1996 Health Insurance Portability and Accountability Act (HIPAA) promotes the security and privacy of employee health information. HIPAA seeks to facilitate efficient and effective electronic transfer of healthcare information between healthcare facilities as well as protect patients’ privacy. The Health and Human Services Department (HHS) was mandated to develop with security standards that they issued in 2003. The resulting health security standards rule gives patients rights over their health information and set standards on who can access it. The act further articulates precautions that all healthcare providers must take to protect and secure electronically collected health information. Agencies, organizations, and individuals classified as covered entities must comply with HIPAA.

In recent years, the world has become even more data-driven. We have seen the explosive demand for data which ushered in the creation of unprecedented volume, velocity and variety. This shift has also resulted in additional risks, with wider impact and costlier consequences

Many firms that suffer from cyber-breaches not only struggle financially, but their credibility within their industry may also be jeopardized. This can lead to customers losing trust in the company, resulting in loss of potential sales and a struggle to regain customer trust. For these reasons, compliance with federal, industry, and/or cyber regulations is mandatory for businesses and organizations to save themselves from devastating consequences of becoming non-compliant.

Healthcare organizations have increasingly become a target for cyber attacks. Numerous malicious, large scale health data breaches have taken place this year such as the Anthem data breach, which affected nearly 80 million individuals.[1]More recently, UCLA Health suffered a massive data breach in May 2015, where hackers accessed the medical files of more than 4.5 million patients, according to a UCLA Health notice published in July.[2]According to a 2015 Harris Poll commissioned by Vormetric Data Security, 26 percent of healthcare IT decision makers are protecting data because of a data breach in the past.[3] The report also stated that 48 percent of U.S. healthcare organizations reported either encountering a data breach or failing a compliance audit in the last year.