Although the misuse and loss of both corporate and personal data can expose even the most reputable firms to significant legal, regulatory and reputational risks, information privacy in the U.S. has for years been protected only through an amalgam of narrowly targeted rules governing specific sectors. While many countries have recently passed legislation to protect data privacy, the American legal system has relied mostly on self-regulation (and oftentimes litigation) to address breaches in data privacy and security, mostly after the fact. However, new data privacy statutes are increasingly being discussed by state and federal legislators across the U.S. If enacted into law, these regulations will have a direct impact on a company's data governance policies.

In some industry sectors, data privacy laws have already taken hold. For instance, the health care industry is required to comply with the Health Insurance Portability and Accountability Act (HIPAA), which governs how health care organizations handle and distribute information on a patient's medical history. In addition, the financial services industry continues to wrestle with the Gramm-Leach-Bliley Act of 1999, which requires affected companies to comply with privacy policies that govern how information can be disseminated within and between banks and brokerages. Lawmakers are paying increased attention to the Personal Information Protection Act, which was recently signed into law in Japan. It will come as no surprise if this is used as a template for future legislation in the U.S. and other countries.
