In a world where compliance can make or break an enterprise, regulations are modern commandments
Let’s face it: no enterprise today really knows whether it is completely compliant with all the regulations it is supposed to comply with. First, there are a lot of them, and, since they change every couple of years, there are more grey areas in these regulations than there are craters on the moon. And, of course, if you are doing business in multiple nations, then God help you.
Here are some regulations that keep CIOs up at night:
PCI DSS
The tagline of this regulation should be “Doing nothing is not an option”. If an enterprise touches any kind of card data (or even just passes it through), the Payment Card Industry Data Security Standard (PCI DSS) applies. Non-compliance can result in fines of up to $500,000 by banks and credit card companies, in addition to loss of reputation, civil litigation, and suspension of credit card acceptance. The consequences of PCI DSS non-compliance should scare any enterprise whose revenue is significantly reliant on e-commerce.
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) is a US regulation that protects all kinds of healthcare-related information. The HIPAA Security Rule specifically establishes standards for managing any kind of electronic health information. It applies not only to hospitals but to any organization that handles such information. A single violation can cost up to $50,000, and repeat violations can go up to $1,500,000. Violations can additionally carry criminal charges and result in jail time.
FISMA
The Federal Information Security Management Act (FISMA) applies to any organization that deals with US federal government information. This includes any agency, contractor, or other source that provides or manages such information. A violation, or even a low FISMA score, can result in huge reputational damage to a firm, along with significant budget cuts to the corresponding agency.
SOX
The Sarbanes-Oxley Act (SOX) applies to public companies and some private companies, and contains rules on information disclosure and records retention. Additionally, it mandates that enterprises assess and document, through internal and external audits, the effectiveness of the controls over their financial reporting. SOX violations carry harsh penalties: fines of up to $5 million along with up to 20 years of jail time. It is also instructive to note that the median settlement values for individuals charged with violating SOX have been doubling every 3 years.
GDPR
The EU has introduced a new regulation, the General Data Protection Regulation (GDPR), which from May 2018 applies to anyone who is based in the EU or who handles information and data belonging to the EU. GDPR gives individuals within the EU rights over their personal information: the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object, and rights related to automated decision making and profiling. Every enterprise handling the personal information of an EU citizen will need to comply. Non-compliance can result in fines of up to €20 million or 4% of annual turnover.
NISD
The Network and Information Security Directive (NISD) is a European Union regulation that applies to all operators of essential services and digital service providers (DSPs). While this regulation has not yet been applied, it complements the GDPR and is expected to be active in 2018–19. The penalties are yet to be finalized, but in true EU fashion you can expect them to be spine-chilling.
India Toll Compliance
The India Toll Compliance regulation is created by the DoT (Department of Telecommunications) and enforced by TRAI (Telecom Regulatory Authority of India). It regulates telephony in India, applies to call centres operating there, and restricts any kind of toll bypass using Internet telephony. Violations carry punitive damages and the possibility of losing the licence.
Regulatory compliance is today an essential function for an enterprise. But the sheer number of regulations that must be complied with, and the massive overhead of ensuring compliance, mean that organizations are increasingly looking for lightweight, automated solutions to track, monitor, manage and, where possible, certify compliance.
– Article written by Sreekanth Nemani
About the Author
Sreekanth Nemani is a telecom expert with 4 international patents and 2 well-cited publications. He holds a Master’s degree in Computer Science from Utah State University. He is a researcher and a deep thinker. His research areas include disaster recovery of SIP-based networks. With over a decade of experience at Avaya in various capacities, Sreekanth has wide experience and in-depth knowledge.
Currently he works at SmarterHi Communications, the makers of Assertion, as a business architect. He is researching global policies like HIPAA and PCI and how to automate compliance with them.
7 Regulations that send a Chill down an Enterprise’s Spine was originally published in Assertion on Medium.