
What happens if you ignore information security compliance?

If an enterprise decides to ignore its information security compliance obligations, what happens? Expert Mike Chapple explains what willful noncompliance means.

What are the penalties for willful noncompliance, a.k.a. when enterprises decide regulatory compliance isn't worth the headache so they just don't do it? Does this happen often? Are there any positives to willful noncompliance, or does the cost in potential fines and reputation damage outweigh the cost of investing in information security compliance?

There's no doubt that compliance is a burden and that some of the activities required to demonstrate compliance with laws and regulations don't directly contribute to the security of an organization. That said, I don't know of many enterprises that have decided that they just won't do information security compliance. I do know that different organizations take different approaches to their security and compliance obligations. Some choose to play it by the book and completely document their compliance with every single provision of every regulation. Others take a much looser approach to information security compliance, seeking to generally operate within the spirit of various regulations.

My suspicion is that most organizations lie somewhere in the middle of this spectrum and do engage in a good faith effort to maintain compliant IT operations. Those that fail to comply face a variety of expensive penalties, ranging from civil fines to criminal prosecutions. Merchants that fail to comply with PCI DSS face significant financial penalties and, in the worst case, may jeopardize their ability to participate in future credit card transactions. Organizations and individuals who commit willful breaches of HIPAA may even face jail time for their negligence.

The bottom line is that information security compliance is not optional. Organizations subject to laws and regulations should invest the time and energy required to comply with those obligations.


This was last published in December 2015
