This article can also be found in the Premium Editorial Download "Information Security magazine: Tips for navigating the maze of global security regulations."

Download it now to read this article plus other related content.

Organizations sending data abroad must be prepared to comply with a slew of privacy and security regulations.

U.S. companies doing business overseas face a quagmire of global regulations for keeping data private and secure. Take Verispan, a provider of health care information and services to the pharmaceutical industry. Gathering information on physicians around the world can be a time-consuming and cumbersome process due to regulatory requirements, says Scot Ganow, Verispan's corporate privacy and ethics officer.

Not only does the company need to follow European Union privacy rules, which include providing clear notice to and obtaining verifiable consent from the physicians, but it must research and comply with any specific requirements of individual EU member countries. Even with consent, Verispan uses either EU-approved model contract clauses or Safe Harbor self-certification as extra compliance protection when transferring European personally identifiable data to the U.S.

"It's very layered, very involved," Ganow says of the compliance process.

As the number of online users has skyrocketed worldwide, governments have enacted a maze of inconsistent privacy and security laws. This fractured, highly complex global legal framework is creating regulatory headaches for businesses. Laws restricting cross-border data flows and those requiring security breach notification are the most problematic and impose

    Requires Free Membership to View

the highest compliance costs. They also carry the greatest risk of damage to reputation or brand, loss of market share, or reduction in stock price.

The complexities and inconsistencies associated with global privacy and security laws are forcing multinational companies to approach these issues in a multidisciplinary manner, blending legal, technical, operational and managerial considerations.

This was first published in February 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: