Security in the information age has led to a heightened concern that personal information is not being protected. The high speed at which private information can be used and shared, often without permission, enables and increases the possibility of identity theft and other unauthorized uses of personal information.
Initially, self-regulation through the implementation of good security practices was thought to be the way to protect electronic personal information. In the latter part of the twentieth century, a sectoral approach to information security regulation started to gain favor with the passage of laws protecting health and financial information. However, between February 2005 and July 2006, there were 237 reported security breaches involving the compromise of more than 89 million records containing personal information; of these, 83 incidents involved institutions of higher education, including academic medical centers. The number of reported security incidents demonstrates that self-regulation has generally failed.
As a result, controlling risks to personal information through enhanced information security has become the subject of state and federal laws. The recent upsurge in the number of state and federal laws and regulations represents an emerging legal standard that imposes obligations on colleges and universities to protect the data they collect, store, process, use, and disclose. These laws increasingly affect how higher education institutions, often operating in multiple jurisdictions, handle personal information, including sensitive health and financial data. Many of the new laws require disclosures to victims when there is unauthorized access to systems containing sensitive information. Failure to protect this type of information will inevitably result in public embarrassment and the financial costs associated with managing the response to incidents and may also result in investigations, fines, and other penalties.
Axxera provides compliance services across vertical sectors and for a range of compliance regimes:
- HIPAA – Health care
- PCI DSS – Payment Card Industry
- GLBA – Finance
- FISMA – Federal Information Security Management Act
- ISO 27001